2016-04-09 00:57:51 |
Ken'ichi Ohmichi |
description |
search deleted instance is only for admin so we should disallow non-admin search for deleted and soft_deleted instances
jichen@devstack1:~$ curl -g -i -X GET http://192.168.122.239:8774/v2.1/d1c5aa58af6c426492c642eb649017be/servers/detail?status=soft_deleted -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-OpenStack-Nova-API-Version: 2.6" -H "X-Auth-Token: 4414496776a3486ba96a6702f13ed5ce"
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 15
X-Openstack-Nova-Api-Version: 2.6
Vary: X-OpenStack-Nova-API-Version
X-Compute-Request-Id: req-15a68220-093c-4688-b9ac-9dc89215140d
Date: Tue, 15 Dec 2015 16:34:36 GMT
{"servers": []}jichen@devstack1:~$
2015-12-15 11:34:35.991 DEBUG nova.compute.api [req-15a68220-093c-4688-b9ac-9dc89215140d demo demo] Searching by: {'deleted': False, 'vm_state': ['soft-delete'], 'project_id': u'd1c5aa58af6c426492c642eb649017be'} from (pid=26588) get_all /opt/stack/nova/nova/compute/api.py:2055 |
search deleted instance is only for admin.
So we should disallow non-admin search for deleted and soft_deleted instances
$ curl -g -i -X GET http://192.168.122.239:8774/v2.1/d1c5aa58af6c426492c642eb649017be/servers/detail?status=soft_deleted -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-OpenStack-Nova-API-Version: 2.6" -H "X-Auth-Token: 4414496776a3486ba96a6702f13ed5ce"
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 15
X-Openstack-Nova-Api-Version: 2.6
Vary: X-OpenStack-Nova-API-Version
X-Compute-Request-Id: req-15a68220-093c-4688-b9ac-9dc89215140d
Date: Tue, 15 Dec 2015 16:34:36 GMT
{"servers": []}
$
2015-12-15 11:34:35.991 DEBUG nova.compute.api [req-15a68220-093c-4688-b9ac-9dc89215140d demo demo] Searching by: {'deleted': False, 'vm_state': ['soft-delete'], 'project_id': u'd1c5aa58af6c426492c642eb649017be'} from (pid=26588) get_all /opt/stack/nova/nova/compute/api.py:2055 |
|