Remove fmClientCli from the image

Bug #1848280 reported by Bruce Jones on 2019-10-15
Affects: StarlingX
Importance: Low
Assigned to: Dariush Eslimi

Bug Description

Brief Description
-----------------
I was playing around with fault components and I noticed that I'm able to query, create and delete alarms with fmClientCli and the fm_core python module.

As I understand it, the `fm` CLI (from python-fmclient) creates a request to keystone before connecting to the fm-rest-api to perform the operation. However, this is not the case for fmClientCli; I can create an alarm with the following command.

$ fmClientCli -c "blabla###100.114###set###host###host=controller-0.ntp###2019-10-14 02:28:09.5432###major###This is a dummy alarm created by hand###communication###not-applicable###Monitor and if condition persists, we are sorry###False###True###False###"

and delete it with:

$ fmClientCli -d "###100.114###host=controller-0.ntp"

This works without doing the `source /etc/platform/openrc`; I'm even allowed to create alarms from a non-sysadmin user.

Severity
--------
Minor: System/Feature is usable with minor issue

Steps to Reproduce
------------------
See above

Expected Behavior
------------------
fmClientCli should be removed from the image to avoid potential misuse by unauthenticated users.

Actual Behavior
----------------
fmClientCli is present in the image and can be misused.

Reproducibility
---------------
100%

System Configuration
--------------------
N/A

Branch/Pull Time/Commit
-----------------------
N/A

Last Pass
---------
N/A

Timestamp/Logs
--------------
See above
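
A defender-side check for the behaviour described above, as an added example that is not part of the bug report or of StarlingX code: it scans auditd execve records for fmClientCli runs that use the `-c` or `-d` flags under a uid outside an allowlist. It assumes an audit rule already logs executions of the tool; the root-only allowlist and the trimmed sample records are constructed for illustration.

```python
import re

TOOL = "fmClientCli"
MUTATING_FLAGS = {"-c": "create", "-d": "delete"}  # the two flags shown in the report
ALLOWED_UIDS = {0}  # assumption: only root-run platform services should call the tool

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """auditd quotes plain strings and hex-encodes values containing spaces."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def find_unauthorized_alarm_changes(log_text):
    """Return (event_id, uid, action, argument) for each flagged invocation."""
    events = {}
    for line in log_text.splitlines():
        match = EVENT_ID.search(line)
        if not match:
            continue
        # SYSCALL and EXECVE records of one execution share the same event id.
        event = events.setdefault(match.group(1), {})
        fields = dict(FIELD.findall(line))
        if fields.get("type") == "SYSCALL":
            event["uid"] = int(fields["uid"])
        elif fields.get("type") == "EXECVE":
            names = [f"a{i}" for i in range(int(fields["argc"]))]
            event["argv"] = [decode(fields[n]) for n in names if n in fields]
    findings = []
    for event_id, event in events.items():
        argv, uid = event.get("argv"), event.get("uid")
        if not argv or uid is None or argv[0].rsplit("/", 1)[-1] != TOOL:
            continue
        action = next((MUTATING_FLAGS[a] for a in argv[1:] if a in MUTATING_FLAGS), None)
        if action and uid not in ALLOWED_UIDS:
            findings.append((event_id, uid, action, argv[-1]))
    return findings

# Constructed sample records (trimmed to the fields used), not from the bug report.
CREATE_ARG = "x###100.114###set###host###host=controller-0.ntp###dummy alarm"
SAMPLE_LOG = "\n".join([
    'type=SYSCALL msg=audit(1571106489.543:101): syscall=59 success=yes uid=1001 comm="fmClientCli"',
    'type=EXECVE msg=audit(1571106489.543:101): argc=3 a0="fmClientCli" a1="-d" a2="###100.114###host=controller-0.ntp"',
    'type=SYSCALL msg=audit(1571106501.120:102): syscall=59 success=yes uid=0 comm="fmClientCli"',
    'type=EXECVE msg=audit(1571106501.120:102): argc=3 a0="fmClientCli" a1="-c" a2=' + CREATE_ARG.encode().hex().upper(),
    'type=SYSCALL msg=audit(1571106510.007:103): syscall=59 success=yes uid=1001 comm="fmClientCli"',
    'type=EXECVE msg=audit(1571106510.007:103): argc=3 a0="fmClientCli" a1="-c" a2=' + CREATE_ARG.encode().hex().upper(),
])
```

On the sample, the root-run create (event 102) is not reported, while both uid 1001 invocations are.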

Bruce Jones (brucej) on 2019-10-15
Changed in starlingx:
importance: Undecided → Medium
tags: added: stx.3.0

Bruce Jones (brucej) wrote :

Email from Tao Liu:
If the decision is to remove the fmClientCli utility from the image, one or two dependencies will also need to be updated (i.e. IMA appraisal failure event is raised using this tool).

Ghada Khalil (gkhalil) wrote :

Marking as low priority / not gating - this tool has been in the image since day 1. Sometimes it's used to clear stuck alarms. I don't think it's urgent or gating to have it removed. This needs to be further reviewed with the flock-services PL/TL.

Changed in starlingx:
importance: Medium → Low
status: New → Triaged
tags: added: stx.fault
removed: stx.3.0

Changed in starlingx:
assignee: nobody → Dariush Eslimi (deslimi)

Ghada Khalil (gkhalil) wrote :

Assigning to PL for further review/follow-up action
