Comment 60 for bug 2004555
Revision history for this message
| Gorka Eguileor (gorka) wrote Re: [ussuri] Wrong volume attachment - volumes overlapping when connected through iscsi on host | #60 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Hi Melanie,
Thank you very much for testing the Cinder code, finding the loophole, and providing such detailed instructions.
I incorrectly assumed that keystonemiddleware would not only check that the service token in the header is valid, but that it was actually that of a service role.
I have changed the code to actually check that between the roles from the service token (if a valid one is provided) is actually that of a service.
I'll look on Monday if the new approach also works on older releases (in case we need a different approach for the backports) and also for Glance using Cinder as a backend (in case glance is not sending the service token).
Cheers.