2012-10-10 09:07:39 |
Vijaya Erukala |
bug |
|
|
added bug |
2012-11-02 17:13:33 |
Davanum Srinivas (DIMS) |
tags |
|
ec2 |
|
2012-11-07 08:22:05 |
Russell Bryant |
bug |
|
|
added subscriber OpenStack Vulnerability Management team |
2012-11-07 08:22:42 |
Russell Bryant |
information type |
Public |
Public Security |
|
2012-11-07 18:12:38 |
Vish Ishaya |
affects |
nova |
keystone |
|
2012-11-07 18:12:49 |
Vish Ishaya |
keystone: importance |
Undecided |
Critical |
|
2012-11-07 18:12:51 |
Vish Ishaya |
keystone: status |
New |
Triaged |
|
2012-11-12 17:04:15 |
Joseph Heck |
keystone: status |
Triaged |
Invalid |
|
2012-11-13 08:32:55 |
Thierry Carrez |
information type |
Public Security |
Public |
|
2012-11-13 08:33:09 |
Thierry Carrez |
bug |
|
|
added subscriber Thierry Carrez |
2012-11-13 08:33:12 |
Thierry Carrez |
removed subscriber OpenStack Vulnerability Management team |
|
|
|
2012-11-13 22:29:40 |
Vish Ishaya |
keystone: status |
Invalid |
Confirmed |
|
2012-11-13 22:30:21 |
Joseph Heck |
keystone: status |
Confirmed |
Triaged |
|
2012-11-13 22:32:30 |
Joseph Heck |
keystone: status |
Triaged |
Confirmed |
|
2012-11-13 22:34:29 |
Joseph Heck |
summary |
Able to access ec2 resources without a user-role |
Removing user from a tenant isn't invalidating user access to tenant |
|
2012-11-13 22:35:23 |
Joseph Heck |
description |
Steps to reproduce:
1. I have created a user, tenant and ec2 credentials using keystone and didn't associate a role,
then tried to run
$ euca-describe-images
Unauthorized: Failure communicating with keystone2
2. Then associated a role to the user
$ keystone user-role-add --user-id ee32bff3e1524a2b82fe804aac0ce682 --tenant-id cf38a72df8a14bb8984c699edfceb1c3 --role-id 26760c0f9ed045fcb70112f7b16813b3
3. Then again I ran
$ euca-describe-images
IMAGE ami-00000002 None (cirros-0.3.0-x86_64-uec) 597b866b450d491f889b9432a564e9a9 available public machineaki-00000001 ari-00000003 instance-store
IMAGE ari-00000003 None (cirros-0.3.0-x86_64-uec-ramdisk) 597b866b450d491f889b9432a564e9a9 available public ramdisk instance-store
IMAGE aki-00000001 None (cirros-0.3.0-x86_64-uec-kernel) 597b866b450d491f889b9432a564e9a9 available public kernel instance-store
4. Remove the user-role
$ keystone user-role-delete --user-id ee32bff3e1524a2b82fe804aac0ce682 --tenant-id cf38a72df8a14bb8984c699edfceb1c3 --role-id 26760c0f9ed045fcb70112f7b16813b3
5. Now the user doesn't have any role associated; now again run
$ euca-describe-images
IMAGE ami-00000002 None (cirros-0.3.0-x86_64-uec) 597b866b450d491f889b9432a564e9a9 available public machineaki-00000001 ari-00000003 instance-store
IMAGE ari-00000003 None (cirros-0.3.0-x86_64-uec-ramdisk) 597b866b450d491f889b9432a564e9a9 available public ramdisk instance-store
IMAGE aki-00000001 None (cirros-0.3.0-x86_64-uec-kernel) 597b866b450d491f889b9432a564e9a9 available public kernel instance-store
Here the user should get the message as in step 2, but it was successful.
Not sure if this is a bug with keystone or ec2. |
Was: (Able to access ec2 resources without a user-role)
Steps to reproduce:
1. I have created a user, tenant and ec2 credentials using keystone and didn't associate a role,
then tried to run
$ euca-describe-images
Unauthorized: Failure communicating with keystone2
2. Then associated a role to the user
$ keystone user-role-add --user-id ee32bff3e1524a2b82fe804aac0ce682 --tenant-id cf38a72df8a14bb8984c699edfceb1c3 --role-id 26760c0f9ed045fcb70112f7b16813b3
3. Then again I ran
$ euca-describe-images
IMAGE ami-00000002 None (cirros-0.3.0-x86_64-uec) 597b866b450d491f889b9432a564e9a9 available public machineaki-00000001 ari-00000003 instance-store
IMAGE ari-00000003 None (cirros-0.3.0-x86_64-uec-ramdisk) 597b866b450d491f889b9432a564e9a9 available public ramdisk instance-store
IMAGE aki-00000001 None (cirros-0.3.0-x86_64-uec-kernel) 597b866b450d491f889b9432a564e9a9 available public kernel instance-store
4. Remove the user-role
$ keystone user-role-delete --user-id ee32bff3e1524a2b82fe804aac0ce682 --tenant-id cf38a72df8a14bb8984c699edfceb1c3 --role-id 26760c0f9ed045fcb70112f7b16813b3
5. Now the user doesn't have any role associated; now again run
$ euca-describe-images
IMAGE ami-00000002 None (cirros-0.3.0-x86_64-uec) 597b866b450d491f889b9432a564e9a9 available public machineaki-00000001 ari-00000003 instance-store
IMAGE ari-00000003 None (cirros-0.3.0-x86_64-uec-ramdisk) 597b866b450d491f889b9432a564e9a9 available public ramdisk instance-store
IMAGE aki-00000001 None (cirros-0.3.0-x86_64-uec-kernel) 597b866b450d491f889b9432a564e9a9 available public kernel instance-store
Here the user should get the message as in step 2, but it was successful.
Not sure if this is a bug with keystone or ec2. |
|
2012-11-13 22:58:18 |
Joseph Heck |
keystone: status |
Confirmed |
Invalid |
|
2012-11-13 23:51:50 |
Vish Ishaya |
keystone: status |
Invalid |
In Progress |
|
2012-11-13 23:51:54 |
Vish Ishaya |
keystone: assignee |
|
Vish Ishaya (vishvananda) |
|
2012-11-14 00:14:50 |
Vish Ishaya |
tags |
ec2 |
ec2 folsom-backport |
|
2012-11-14 08:40:59 |
Thierry Carrez |
information type |
Public |
Public Security |
|
2012-11-14 08:41:10 |
Thierry Carrez |
nominated for series |
|
keystone/folsom |
|
2012-11-14 08:41:10 |
Thierry Carrez |
bug task added |
|
keystone/folsom |
|
2012-11-14 13:01:38 |
Thierry Carrez |
bug |
|
|
added subscriber OpenStack Vulnerability Management team |
2012-11-15 22:52:07 |
OpenStack Infra |
keystone: status |
In Progress |
Fix Committed |
|
2012-11-16 13:11:42 |
OpenStack Infra |
keystone/folsom: status |
New |
In Progress |
|
2012-11-16 13:11:42 |
OpenStack Infra |
keystone/folsom: assignee |
|
Thierry Carrez (ttx) |
|
2012-11-16 18:00:50 |
OpenStack Infra |
keystone/folsom: status |
In Progress |
Fix Committed |
|
2012-11-20 20:28:32 |
Joseph Heck |
keystone: milestone |
|
grizzly-1 |
|
2012-11-20 20:48:07 |
Mark McLoughlin |
keystone/folsom: milestone |
|
2012.2.1 |
|
2012-11-22 09:19:33 |
Thierry Carrez |
keystone: status |
Fix Committed |
Fix Released |
|
2012-11-22 13:06:24 |
Thierry Carrez |
nominated for series |
|
keystone/essex |
|
2012-11-22 13:06:24 |
Thierry Carrez |
bug task added |
|
keystone/essex |
|
2012-11-22 13:06:42 |
Thierry Carrez |
bug |
|
|
added subscriber OpenStack Essex Stable Maintainers |
2012-11-22 13:30:41 |
Yolanda Robla |
keystone/essex: assignee |
|
Yolanda Robla (yolanda.robla) |
|
2012-11-22 14:10:42 |
OpenStack Infra |
keystone/essex: status |
New |
In Progress |
|
2012-11-22 19:41:24 |
OpenStack Infra |
keystone/essex: status |
In Progress |
Fix Committed |
|
2012-11-27 08:13:32 |
Thierry Carrez |
cve linked |
|
2012-5571 |
|
2012-11-28 19:14:14 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-security/keystone |
|
2012-11-28 19:14:17 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/quantal/keystone/quantal-security |
|
2012-11-29 22:12:18 |
Mark McLoughlin |
keystone/folsom: status |
Fix Committed |
Fix Released |
|
2012-11-29 22:13:19 |
Mark McLoughlin |
keystone/folsom: importance |
Undecided |
Critical |
|
2012-11-30 10:27:07 |
Thierry Carrez |
removed subscriber OpenStack Vulnerability Management team |
|
|
|
2012-11-30 23:38:44 |
Launchpad Janitor |
branch linked |
|
lp:~gandelman-a/ubuntu/quantal/keystone/2012.2.1 |
|
2012-12-03 21:32:30 |
Adam Gandelman |
keystone (Ubuntu): status |
New |
Fix Released |
|
2012-12-03 21:32:34 |
Adam Gandelman |
nominated for series |
|
Ubuntu Quantal |
|
2012-12-03 21:32:35 |
Adam Gandelman |
bug task added |
|
keystone (Ubuntu Quantal) |
|
2012-12-03 21:32:37 |
Adam Gandelman |
keystone (Ubuntu Quantal): status |
New |
Confirmed |
|
2012-12-03 21:56:59 |
Jamie Strandboge |
keystone (Ubuntu Quantal): status |
Confirmed |
Fix Released |
|
2012-12-11 09:56:31 |
Yolanda Robla |
nominated for series |
|
Ubuntu Precise |
|
2012-12-11 13:50:45 |
Launchpad Janitor |
branch linked |
|
lp:~openstack-ubuntu-testing/keystone/precise-essex-proposed |
|
2012-12-28 16:05:08 |
Clint Byrum |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2012-12-28 16:05:13 |
Clint Byrum |
bug |
|
|
added subscriber SRU Verification |
2012-12-28 16:05:16 |
Clint Byrum |
tags |
ec2 folsom-backport |
ec2 folsom-backport verification-needed |
|
2013-01-06 21:18:30 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/quantal-proposed/keystone |
|
2013-04-04 09:08:24 |
Thierry Carrez |
keystone: milestone |
grizzly-1 |
2013.1 |
|
2013-05-09 23:47:29 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/keystone |
|
2013-05-16 07:44:05 |
Yolanda Robla |
attachment added |
|
2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.log https://bugs.launchpad.net/bugs/1064914/+attachment/3678050/+files/2012.1.3%2Bstable-20130423-f48dd0fc-0ubuntu1.log |
|
2013-05-16 07:45:39 |
Yolanda Robla |
tags |
ec2 folsom-backport verification-needed |
ec2 folsom-backport verification-done |
|
2013-05-16 17:27:24 |
Scott Kitterman |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2013-06-07 15:28:56 |
Thierry Carrez |
summary |
Removing user from a tenant isn't invalidating user access to tenant |
[OSSA-2012-018] Removing user from a tenant isn't invalidating user access to tenant |
|
2013-06-07 15:29:16 |
Thierry Carrez |
bug task added |
|
ossa |
|
2013-06-07 15:29:29 |
Thierry Carrez |
ossa: status |
New |
Fix Released |
|
2013-06-07 15:29:29 |
Thierry Carrez |
ossa: assignee |
|
Thierry Carrez (ttx) |
|
2014-06-04 23:31:50 |
Morgan Fainberg |
keystone/essex: status |
Fix Committed |
Fix Released |
|