OpenStack Compute (nova)

Nova API exposes hostId to non-admin

Bug #894323 reported by Andrea Frittoli
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Opinion
Wishlist
Unassigned

Bug Description

When querying the details of a VM with a non-admin users, the hostId is included in the list.
This gives visibility to the end user of the spread of his/her tests among physical machines, and I think it shall only be visible to system admins.

REQ: curl -i http://[ip-masked]:8774/v1.1/af1_proj/servers/1837?fresh=1322130236.74 -X GET -H "X-Auth-Project-Id: af1_proj" -H "User-Agent: python-novaclient" -H "X-Auth-Token: f92fc99f52a82d15213a945747149d8c1bd106cc"

RESP:{'date': 'Thu, 24 Nov 2011 10:24:37 GMT', 'status': '200', 'content-length': '902', 'content-type': 'application/json', 'content-location': 'http://[ip-masked]:8774/v1.1/af1_proj/servers/1837?fresh=1322130236.74'} {"server": {"status": "ACTIVE", "updated": "2011-11-23T13:56:57Z", "hostId": "723fe62f46ec18b209943f2e9fca8b5fbee21ab36e146962bc901041", "user_id": "af1_mgr", "name": "af1_n07", "links": [{"href": "http://[ip-masked]:8774/v1.1/af1_proj/servers/1837", "rel": "self"}, {"href": "http://[ip-masked]:8774/af1_proj/servers/1837", "rel": "bookmark"}], "addresses": {"projects": [{"version": 4, "addr": "10.12.224.27"}]}, "tenant_id": "af1_proj", "image": {"id": "182", "links": [{"href": "http://[ip-masked]:8774/af1_proj/images/182", "rel": "bookmark"}]}, "created": "2011-11-23T13:56:36Z", "uuid": "693f7ee5-360d-4d08-a71d-9f8fd8015fb7", "accessIPv4": "", "accessIPv6": "", "key_name": "af1", "progress": 100, "flavor": {"id": "100", "links": [{"href": "http://[ip-masked]:8774/af1_proj/flavors/100", "rel": "bookmark"}]}, "config_drive": "", "id": 1837, "metadata": {"desc": "created from snapshot"}}}

Tags: api nova
Andrea Frittoli (andrea-frittoli)
security vulnerability: yes → no
visibility: private → public
Thierry Carrez (ttx)
Changed in nova:
importance: Undecided → Wishlist
status: New → Confirmed
Revision history for this message
Brian Waldon (bcwaldon) wrote :

This was an explicit design decision of the Openstack API. If you can explain how this might be harmful, I'd love to hear it.

Revision history for this message
Andrea Frittoli (andrea-frittoli) wrote :

The hostId gives visibility to the end user of the spread of his/her VMs among physical servers.
Ideally the end use shall have as less information as possible about the underling infrastructure.

What was the design behind having the hostId?
When using the EC2 interface, this information is made available to admins only.

Revision history for this message
Brian Waldon (bcwaldon) wrote :

So HostId is supposed to be a hash of the compute node and the tenant id. This was a forward-thinking feature we wanted to expose to allow users to spread their instances out physically. I don't see it as exposing infrastructure, but more allowing users to strategically position their instances.

Thierry Carrez (ttx)
Changed in nova:
status: Confirmed → Opinion
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.