OpenStack Shared File Systems Service (Manila)

share replica list is not checking project owner

Bug #1922243 reported by Maurice Escher
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Shared File Systems Service (Manila)
Fix Released
Undecided
Unassigned

Bug Description

Hi,

listing replicas doesn't filter on project_id (they don't even have a project_id column), so doing an API call to list them will always return the list of all replicas in all projects, not just those that belong to the project where my token is valid.

Same is true for share instances (replicas are just special instances).

I suggest to introduce the same pattern like we have for shares with an option to get everything for admins (all_projects=true) and filtering by project by default.

What do you think?

BR,
Maurice

Revision history for this message
Maurice Escher (maurice-escher) wrote :

proposed fix https://review.opendev.org/c/openstack/manila/+/784449

OpenStack Infra (hudson-openstack)
Changed in manila:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to manila-tempest-plugin (master)

Reviewed: https://review.opendev.org/c/openstack/manila-tempest-plugin/+/809472
Committed: https://opendev.org/openstack/manila-tempest-plugin/commit/e17b434f845f13619b27e49fe9650de622b10c21
Submitter: "Zuul (22348)"
Branch: master

commit e17b434f845f13619b27e49fe9650de622b10c21
Author: Goutham Pacha Ravi <email address hidden>
Date: Tue Feb 15 15:20:38 2022 -0800

    Fix replica cleanup

    Add the appropriate client responsible for
    replica cleanup to the deferred cleaner.

    Partial-Bug: #1922243
    Change-Id: I69c31a33c1aad8edae2d90ad6101da1be650be85
    Signed-off-by: Goutham Pacha Ravi <email address hidden>

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to manila (master)

Reviewed: https://review.opendev.org/c/openstack/manila/+/784449
Committed: https://opendev.org/openstack/manila/commit/6484de925119ffb3614921b59045a958a404d43d
Submitter: "Zuul (22348)"
Branch: master

commit 6484de925119ffb3614921b59045a958a404d43d
Author: Maurice Escher <email address hidden>
Date: Thu Apr 1 18:38:58 2021 +0200

    Check project permissions for share replicas

    Fixed the issue of returning more share replicas than we should
    be in a project context. Derived project id from parent share in
    the share replicas listing query in non-admin share replicas
    listing request scenarios.

    Change-Id: If28d97a9916ce56d7f7bf93274f5618eee01c209
    Closes-Bug: #1922243
    Depends-On: I69c31a33c1aad8edae2d90ad6101da1be650be85

Changed in manila:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to manila (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/manila/+/840736

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to manila (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/manila/+/840736
Committed: https://opendev.org/openstack/manila/commit/886c2258528a8cd2ad2d8a68634a265a257f8c7d
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit 886c2258528a8cd2ad2d8a68634a265a257f8c7d
Author: Maurice Escher <email address hidden>
Date: Thu Apr 1 18:38:58 2021 +0200

    Check project permissions for share replicas

    Fixed the issue of returning more share replicas than we should
    be in a project context. Derived project id from parent share in
    the share replicas listing query in non-admin share replicas
    listing request scenarios.

    Change-Id: If28d97a9916ce56d7f7bf93274f5618eee01c209
    Closes-Bug: #1922243
    Depends-On: I69c31a33c1aad8edae2d90ad6101da1be650be85
    (cherry picked from commit 6484de925119ffb3614921b59045a958a404d43d)

tags: added: in-stable-yoga
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to manila (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/manila/+/848720

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/manila 15.0.0.0rc1

This issue was fixed in the openstack/manila 15.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to manila (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/manila/+/848720
Committed: https://opendev.org/openstack/manila/commit/6cc760e0a301051dcf6fc4bd8a3a36640584538d
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 6cc760e0a301051dcf6fc4bd8a3a36640584538d
Author: Maurice Escher <email address hidden>
Date: Thu Apr 1 18:38:58 2021 +0200

    Check project permissions for share replicas

    Fixed the issue of returning more share replicas than we should
    be in a project context. Derived project id from parent share in
    the share replicas listing query in non-admin share replicas
    listing request scenarios.

    Change-Id: If28d97a9916ce56d7f7bf93274f5618eee01c209
    Closes-Bug: #1922243
    Depends-On: I69c31a33c1aad8edae2d90ad6101da1be650be85
    (cherry picked from commit 6484de925119ffb3614921b59045a958a404d43d)
    (cherry picked from commit 886c2258528a8cd2ad2d8a68634a265a257f8c7d)

tags: added: in-stable-xena
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to manila (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/manila/+/864031

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/manila 14.0.1

This issue was fixed in the openstack/manila 14.0.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/manila 13.0.4

This issue was fixed in the openstack/manila 13.0.4 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to manila (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/manila/+/874494

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to manila (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/manila/+/864031
Committed: https://opendev.org/openstack/manila/commit/306b6483a86c264b15d54152bbc98d25a2ba7707
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 306b6483a86c264b15d54152bbc98d25a2ba7707
Author: Maurice Escher <email address hidden>
Date: Thu Apr 1 18:38:58 2021 +0200

    Check project permissions for share replicas

    Fixed the issue of returning more share replicas than we should
    be in a project context. Derived project id from parent share in
    the share replicas listing query in non-admin share replicas
    listing request scenarios.

    Change-Id: If28d97a9916ce56d7f7bf93274f5618eee01c209
    Closes-Bug: #1922243
    Depends-On: I69c31a33c1aad8edae2d90ad6101da1be650be85
    (cherry picked from commit 6484de925119ffb3614921b59045a958a404d43d)
    (cherry picked from commit 886c2258528a8cd2ad2d8a68634a265a257f8c7d)
    (cherry picked from commit 6cc760e0a301051dcf6fc4bd8a3a36640584538d)

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/manila wallaby-eom

This issue was fixed in the openstack/manila wallaby-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on manila (stable/victoria)

Change abandoned by "Elod Illes <email address hidden>" on branch: stable/victoria
Review: https://review.opendev.org/c/openstack/manila/+/874494
Reason: stable/victoria branch of openstack/manila is about to be deleted. To be able to do that, all open patches need to be abandoned. Please cherry pick the patch to unmaintained/victoria if you want to further work on this patch.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.