[rbac] Reader user able to create, delete and accept volume transfer

Bug #2069605 reported by Yosi Ben Shimon
This bug affects 1 person
Affects: Cinder
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Reader user able to create, delete and accept volume transfer.
The expected response code is 403 (forbidden) but the actual response is 202.

From tempest logs:

create volume transfer:
2024-06-17 09:29:04,893 93289 INFO [tempest.lib.common.rest_client] Request (ProjectReaderTests:test_create_volume_transfer): 202 POST https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer 0.268s
2024-06-17 09:29:04,893 93289 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
        Body: {"transfer": {"volume_id": "06fb7e49-015c-453d-b58e-0e76ec7acf42"}}
    Response - Headers: {'date': 'Mon, 17 Jun 2024 09:29:04 GMT', 'server': 'Apache/2.4.52 (Ubuntu)', 'content-type': 'application/json', 'x-compute-request-id': 'req-f65a384f-c8db-481f-ac3e-3604599b3a60', 'content-length': '513', 'openstack-api-version': 'volume 3.0', 'vary': 'OpenStack-API-Version', 'x-openstack-request-id': 'req-f65a384f-c8db-481f-ac3e-3604599b3a60', 'connection': 'close', 'status': '202', 'content-location': 'https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer'}
        Body: b'{"transfer": {"id": "2e821250-f11e-43f5-95be-fd111adb408b", "created_at": "2024-06-17T09:29:04.884548", "name": null, "volume_id": "06fb7e49-015c-453d-b58e-0e76ec7acf42", "auth_key": "39faecbcfa42a011", "links": [{"rel": "self", "href": "https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/2e821250-f11e-43f5-95be-fd111adb408b"}, {"rel": "bookmark", "href": "https://10.210.192.86/volume/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/2e821250-f11e-43f5-95be-fd111adb408b"}]}}'

delete volume transfer:
2024-06-17 09:29:06,494 93289 INFO [tempest.lib.common.rest_client] Request (ProjectReaderTests:test_delete_volume_transfer): 202 DELETE https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/286b8be2-b573-41a2-a8d8-2415ed615c81 0.075s
2024-06-17 09:29:06,494 93289 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
        Body: None
    Response - Headers: {'date': 'Mon, 17 Jun 2024 09:29:06 GMT', 'server': 'Apache/2.4.52 (Ubuntu)', 'content-length': '0', 'content-type': 'text/html; charset=UTF-8', 'openstack-api-version': 'volume 3.0', 'vary': 'OpenStack-API-Version', 'x-openstack-request-id': 'req-ec07f5a7-03e3-467c-bb40-fce98fcf9bda', 'connection': 'close', 'status': '202', 'content-location': 'https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/286b8be2-b573-41a2-a8d8-2415ed615c81'}
        Body: b''

accept volume transfer:
2024-06-17 09:29:01,014 93289 INFO [tempest.lib.common.rest_client] Request (ProjectReaderTests:test_accept_volume_transfer): 202 POST https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/637e81b8-6ebc-4489-be55-1354bc95dfd5/accept 0.923s
2024-06-17 09:29:01,014 93289 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
        Body: {"accept": {"auth_key": "712de4be72849bf9"}}
    Response - Headers: {'date': 'Mon, 17 Jun 2024 09:29:00 GMT', 'server': 'Apache/2.4.52 (Ubuntu)', 'content-type': 'application/json', 'x-compute-request-id': 'req-fde3ee86-7257-4923-aa96-1ee24b1ffa4f', 'content-length': '437', 'openstack-api-version': 'volume 3.0', 'vary': 'OpenStack-API-Version', 'x-openstack-request-id': 'req-fde3ee86-7257-4923-aa96-1ee24b1ffa4f', 'connection': 'close', 'status': '202', 'content-location': 'https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/637e81b8-6ebc-4489-be55-1354bc95dfd5/accept'}
        Body: b'{"transfer": {"id": "637e81b8-6ebc-4489-be55-1354bc95dfd5", "volume_id": "47740399-efa8-4503-a0ae-19a99a527429", "name": null, "links": [{"rel": "self", "href": "https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/637e81b8-6ebc-4489-be55-1354bc95dfd5"}, {"rel": "bookmark", "href": "https://10.210.192.86/volume/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/637e81b8-6ebc-4489-be55-1354bc95dfd5"}]}}'

cinder version: 7.4.1
Failing job:
https://zuul.opendev.org/t/openstack/build/1da1414a2f65458cbebe2b488b43ff48

Tags: rbac
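
One way to scan tempest logs for the pattern reported above (a reader-persona test whose mutating request gets a 2xx instead of 403). This is an added example, not part of the original report and not tempest or Cinder code; `reader_write_successes` and `SAMPLE_LOG` are hypothetical names, and the sample lines are constructed with placeholder host and ids.

```python
import re

# Constructed sample lines in the tempest rest_client summary format quoted in
# the report. Host, PROJECT_ID and TRANSFER_ID are placeholders, not report values.
_PFX = "2024-01-01 00:00:00,000 1 INFO [tempest.lib.common.rest_client] Request "
_URL = "https://cinder.example.test/volume/v3/PROJECT_ID/os-volume-transfer"
SAMPLE_LOG = [
    _PFX + "(ProjectReaderTests:test_list_volume_transfers): 200 GET " + _URL + " 0.050s",
    _PFX + "(ProjectReaderTests:test_create_volume_transfer): 202 POST " + _URL + " 0.268s",
    _PFX + "(ProjectReaderTests:test_delete_volume_transfer): 202 DELETE " + _URL + "/TRANSFER_ID 0.075s",
    _PFX + "(ProjectReaderTests:test_accept_volume_transfer): 403 POST " + _URL + "/TRANSFER_ID/accept 0.100s",
    _PFX + "(ProjectMemberTests:test_create_volume_transfer): 202 POST " + _URL + " 0.200s",
]

# Summary line: "Request (<TestClass>:<test_name>): <status> <METHOD> <url> <time>"
REQUEST_RE = re.compile(
    r"Request \((?P<cls>\w+):(?P<test>\w+)\): "
    r"(?P<status>\d{3}) (?P<method>[A-Z]+) (?P<url>\S+)"
)
MUTATING = {"POST", "PUT", "PATCH", "DELETE"}


def reader_write_successes(lines, reader_marker="Reader"):
    """Return (test, method, path, status) for every mutating request logged
    under a reader-persona test class that the API answered with 2xx."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m or reader_marker not in m["cls"]:
            continue  # not a request summary, or not a reader test class
        status = int(m["status"])
        if m["method"] in MUTATING and 200 <= status < 300:
            # Drop scheme, host and project id; keep the resource path.
            path = m["url"].split("/v3/", 1)[-1].split("/", 1)[-1]
            findings.append((m["test"], m["method"], path, status))
    return findings


if __name__ == "__main__":
    for test, method, path, status in reader_write_successes(SAMPLE_LOG):
        print(f"{test}: {method} {path} returned {status}, expected 403")
```

The summary line names the running test, not the role behind the token, so setup calls made by other credentials inside a reader test show up under the same name and need triage.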