Juniper Openstack

RBAC for analytics alarms doesnt work

Bug #1735054 reported by Senthilnathan Murugappan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R4.1
Fix Committed
Critical
Sundaresan Rajangam
Juniper Openstack r4.1.1.0
Trunk
Fix Committed
Critical
Sundaresan Rajangam
Juniper Openstack r5.0.0

Bug Description

RBAC for analytics alarms doesnt work

(Pdb) pp self.UveTypeToConfigObjectType
{'service-instance': 'service_instance',
 'virtual-machine': 'virtual_machine',
 'virtual-machine-interface': 'virtual_machine_interface',
 'virtual-network': 'virtual_network'}
(Pdb) pp uve_type
'ObjectVNTable'
(Pdb) list
486 return None
487 if uve_type in self.UveTypeToConfigObjectType and \
488 self._args.aaa_mode == AAA_MODE_RBAC:
489 cfg_type = self.UveTypeToConfigObjectType[uve_type]
490 return self.get_resource_list(cfg_type)
491 -> if raise_exp:
492 raise bottle.HTTPResponse(status = 401,
493 body = 'Authentication required',
494 headers = self._reject_auth_headers())
495 else:
496 return []

Senthilnathan Murugappan (msenthil)
tags: removed: releasenote
Jeba Paulaiyan (jebap)
tags: added: releasenote
Revision history for this message
Jeba Paulaiyan (jebap) wrote :

Releasenotes:

RBAC for analytics alarms doesnt work

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.1

Review in progress for https://review.opencontrail.org/38354
Submitter: Sundaresan Rajangam (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/38508
Submitter: Sundaresan Rajangam (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/38354
Committed: http://github.com/Juniper/contrail-controller/commit/1ccb37c538787dcb6c3f1902beca009cf46a02f4
Submitter: Zuul (<email address hidden>)
Branch: R4.1

commit 1ccb37c538787dcb6c3f1902beca009cf46a02f4
Author: Sundaresan Rajangam <email address hidden>
Date: Thu Dec 14 12:07:14 2017 -0800

Fix RBAC for /analytics/alarms API

For /analytics/alarms request, uve_type is not passed correctly to
get_resource_list_from_uve_type(). get_resource_list_from_uve_type()
expects user visible name for uve_type, where as alarms_http_get()
passes internal value of uve_type resulting in analytics-api throwing
error for non admin users.

Change-Id: I220ca397084ae9f6e3a4b6b723ea53267e2eeb34
Closes-Bug: #1735054

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/38508
Committed: http://github.com/Juniper/contrail-analytics/commit/a20d05b98abcc77a45f4e6bd19316fbc4a038fd8
Submitter: Zuul (<email address hidden>)
Branch: master

commit a20d05b98abcc77a45f4e6bd19316fbc4a038fd8
Author: Sundaresan Rajangam <email address hidden>
Date: Wed Dec 20 22:49:58 2017 -0800

Fix RBAC for /analytics/alarms API

For /analytics/alarms request, uve_type is not passed correctly to
get_resource_list_from_uve_type(). get_resource_list_from_uve_type()
expects user visible name for uve_type, where as alarms_http_get()
passes internal value of uve_type resulting in analytics-api throwing
error for non admin users.

Change-Id: I30959d645483740b2c753c4209442e013f94b9db
Closes-Bug: #1735054

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.