OpenStack Compute (nova)

disallow non-admin search for soft-delete instance

Bug #1526715 reported by jichenjc
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Invalid
Low
jichenjc

Bug Description

search deleted instance is only for admin.
So we should disallow non-admin search for deleted and soft_deleted instances

$ curl -g -i -X GET http://192.168.122.239:8774/v2.1/d1c5aa58af6c426492c642eb649017be/servers/detail?status=soft_deleted -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-OpenStack-Nova-API-Version: 2.6" -H "X-Auth-Token: 4414496776a3486ba96a6702f13ed5ce"
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 15
X-Openstack-Nova-Api-Version: 2.6
Vary: X-OpenStack-Nova-API-Version
X-Compute-Request-Id: req-15a68220-093c-4688-b9ac-9dc89215140d
Date: Tue, 15 Dec 2015 16:34:36 GMT

{"servers": []}
$

2015-12-15 11:34:35.991 DEBUG nova.compute.api [req-15a68220-093c-4688-b9ac-9dc89215140d demo demo] Searching by: {'deleted': False, 'vm_state': ['soft-delete'], 'project_id': u'd1c5aa58af6c426492c642eb649017be'} from (pid=26588) get_all /opt/stack/nova/nova/compute/api.py:2055

See original description
Tags: api
jichenjc (jichenjc)
Changed in nova:
assignee: nobody → jichenjc (jichenjc)
tags: added: api
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/258472

Changed in nova:
status: New → In Progress
Revision history for this message
Sean Dague (sdague) wrote :

Why is this an issue? I don't understand the concern.

Changed in nova:
status: In Progress → Opinion
OpenStack Infra (hudson-openstack)
Changed in nova:
status: Opinion → In Progress
Ken'ichi Ohmichi (oomichi)
description: updated
melanie witt (melwitt)
Changed in nova:
importance: Undecided → Low
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to nova (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/354119

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (master)

Reviewed: https://review.openstack.org/354119
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=4b73cd9bb1b87e946930dd71f86bb6a060e6a9b3
Submitter: Jenkins
Branch: master

commit 4b73cd9bb1b87e946930dd71f86bb6a060e6a9b3
Author: jichenjc <email address hidden>
Date: Mon Jul 25 18:17:08 2016 +0800

    Add comment about how status field changed

    There are some review comments on the status , vm_state
    changes confusion in patch https://review.openstack.org/#/c/258472
    for this bug, so this patch added some comments to make
    reviewer easier to read the code logic.

    Change-Id: I65e77feeddcf477bd5550baaa440b4a1a325bb91
    Related-Bug: 1526715

Revision history for this message
Alex Xu (xuhj) wrote :

The non-admin should be enable to search soft-deleted instance, due to they may want to restore/force_delete the instance. The resource/force_delete APIs are allowed for admin_or_owner.

If they can't query the soft-deleted instance, how they know the uuid which they want to restore/force_delete?. So I think the correct behaviour is right.

Revision history for this message
jichenjc (jichenjc) wrote :

ok, this is a valid point ,even though I think the softdelete/restore might be admin only thing
it's not related to bug itself

Changed in nova:
status: In Progress → Invalid
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on nova (master)

Change abandoned by jichenjc (<email address hidden>) on branch: master
Review: https://review.openstack.org/258472

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.