OpenStack Shared File Systems Service (Manila)

Access rules visibility and deletion locks lookup should be performed using elevated context

Bug #2089061 reported by Carlos da Silva on 2024-11-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Shared File Systems Service (Manila)	Fix Released	Undecided	Unassigned

Bug Description

Description
===========
Access rules details should be hidden from users when a visibility lock has been placed, as well as the deletion should be prevented when a deletion lock is in place. Currently, we are not looking up for existing resource locks within all projects when listing or deleting access rules.

Steps to reproduce
==================

With the demo user:
- create a share
- create a VM
- attach the share to the VM via the nova API
- nova-compute uses nova's service token to create an access to the user provided share
- list the access for their share and see the access created by the nova service user

Expected result
===============
The IP of the access rule should be redacted and not displayed to the demo user.

Actual result
=============
The IP is not being redacted and it is being displayed.

Environment
===========
1. Devstack in the master branch, Ubuntu 22.04
2. VirtioFS series applied

See original description

Carlos da Silva (silvacarlose) on 2024-11-19

summary:	- Access rules visibility and deletion should look for locks in all - projects + Access rules visibility and deletion locks lookup should be performed by + elevated context
summary:	- Access rules visibility and deletion locks lookup should be performed by - elevated context + Access rules visibility and deletion locks lookup should be performed + using elevated context

Carlos da Silva (silvacarlose) on 2024-11-19

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-11-20: Fix proposed to manila (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/manila/+/935732

Changed in manila:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-11-22: Fix merged to manila (master)

Reviewed: https://review.opendev.org/c/openstack/manila/+/935732
Committed: https://opendev.org/openstack/manila/commit/3d80e8668bb3ce96d9d0c099964bb5ca0a6df60b
Submitter: "Zuul (22348)"
Branch: master

commit 3d80e8668bb3ce96d9d0c099964bb5ca0a6df60b
Author: Carlos Eduardo <email address hidden>
Date: Tue Nov 19 19:53:11 2024 -0300

Fix access rule visibility locks

    Access rule visibility and deletion locks were not being properly
    retrieved when listing, showing and deleting access rules, leading
    to an unexpected behavior.

    Fixes that issue by elevating the context and making sure that
    we are looking for all of the locks placed against the access
    rule.

    Closes-Bug: #2089061
    Change-Id: Ib6667df25c8935826e673f180848887fe4fff8d6
    Signed-off-by: Carlos Eduardo <email address hidden>

Changed in manila:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-11-26: Fix proposed to manila (stable/2024.1)

Fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/manila/+/936304

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-11-26: Fix proposed to manila (stable/2024.2)

Fix proposed to branch: stable/2024.2
Review: https://review.opendev.org/c/openstack/manila/+/936307

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-11-26: Fix proposed to manila (stable/2023.2)

Fix proposed to branch: stable/2023.2
Review: https://review.opendev.org/c/openstack/manila/+/936308

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2025-03-14: Fix included in openstack/manila 20.0.0.0rc1

This issue was fixed in the openstack/manila 20.0.0.0rc1 Epoxy release candidate.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2025-04-30: Fix merged to manila (stable/2024.2)

Reviewed: https://review.opendev.org/c/openstack/manila/+/936307
Committed: https://opendev.org/openstack/manila/commit/112791a8ea2bca2160fb5f6189d7797193db0a2b
Submitter: "Zuul (22348)"
Branch: stable/2024.2

commit 112791a8ea2bca2160fb5f6189d7797193db0a2b
Author: Carlos Eduardo <email address hidden>
Date: Tue Nov 19 19:53:11 2024 -0300

Fix access rule visibility locks

    Access rule visibility and deletion locks were not being properly
    retrieved when listing, showing and deleting access rules, leading
    to an unexpected behavior.

    Fixes that issue by elevating the context and making sure that
    we are looking for all of the locks placed against the access
    rule.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2025-04-30: Fix merged to manila (stable/2024.1)

Reviewed: https://review.opendev.org/c/openstack/manila/+/936304
Committed: https://opendev.org/openstack/manila/commit/57408d5abf703fff79307a75bb203350aa9a2756
Submitter: "Zuul (22348)"
Branch: stable/2024.1

commit 57408d5abf703fff79307a75bb203350aa9a2756
Author: Carlos Eduardo <email address hidden>
Date: Tue Nov 19 19:53:11 2024 -0300

Fix access rule visibility locks

    Access rule visibility and deletion locks were not being properly
    retrieved when listing, showing and deleting access rules, leading
    to an unexpected behavior.

    Fixes that issue by elevating the context and making sure that
    we are looking for all of the locks placed against the access
    rule.

    Closes-Bug: #2089061
    Change-Id: Ib6667df25c8935826e673f180848887fe4fff8d6
    Signed-off-by: Carlos Eduardo <email address hidden>
    (cherry picked from commit 3d80e8668bb3ce96d9d0c099964bb5ca0a6df60b)
    (cherry picked from commit 112791a8ea2bca2160fb5f6189d7797193db0a2b)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2025-05-01: Fix merged to manila (stable/2023.2)

Reviewed: https://review.opendev.org/c/openstack/manila/+/936308
Committed: https://opendev.org/openstack/manila/commit/3f9240a8f5a33d781d59809c275c000e96fc130a
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit 3f9240a8f5a33d781d59809c275c000e96fc130a
Author: Carlos Eduardo <email address hidden>
Date: Tue Nov 19 19:53:11 2024 -0300

Fix access rule visibility locks

    Access rule visibility and deletion locks were not being properly
    retrieved when listing, showing and deleting access rules, leading
    to an unexpected behavior.

    Fixes that issue by elevating the context and making sure that
    we are looking for all of the locks placed against the access
    rule.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2025-05-01: Fix included in openstack/manila 17.4.0

#10

This issue was fixed in the openstack/manila 17.4.0 Bobcat release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2025-05-01: Fix included in openstack/manila 18.3.0

#11

This issue was fixed in the openstack/manila 18.3.0 Caracal release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2025-05-01: Fix included in openstack/manila 19.1.0

#12

This issue was fixed in the openstack/manila 19.1.0 Dalmatian release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.