Remove fmClientCli from the image

Bug #1848280 reported by Bruce Jones
This bug affects 1 person
Affects: StarlingX
Status: Won't Fix
Importance: Low
Assigned to: Dariush Eslimi
Milestone: (none)

Bug Description

Brief Description
-----------------
I was playing around with fault components and I noticed that I'm able to query, create and delete alarms with fmClientCli and the fm_core python module.

As I understand it, the `fm` CLI (from python-fmclient) creates a request to keystone before connecting to the fm-rest-api to perform the operation. However, this is not the case for fmClientCli; I can create an alarm with the following command:

$ fmClientCli -c "blabla###100.114###set###host###host=controller-0.ntp###2019-10-14 02:28:09.5432###major###This is a dummy alarm created by hand###communication###not-applicable###Monitor and if condition persists, we are sorry###False###True###False###"

and delete it with:

$ fmClientCli -d "###100.114###host=controller-0.ntp"

This works without doing the `source /etc/platform/openrc`; I'm even allowed to create alarms as a non-sysadmin user.

Severity
------
Minor: System/Feature is usable with minor issue

Steps to Reproduce
------------------
See above

Expected Behavior
------------------
fmClientCli should be removed from the image to avoid potential misuse by unauthenticated users.

Actual Behavior
----------------
fmClientCli is present in the image and can be misused.

Reproducibility
---------------
100%

System Configuration
--------------------
N/A

Branch/Pull Time/Commit
-----------------------
N/A

Last Pass
---------
N/A

Timestamp/Logs
--------------
See above

Tags: stx.fault
Bruce Jones (brucej)
Changed in starlingx:
importance: Undecided → Medium
tags: added: stx.3.0
Bruce Jones (brucej) wrote :

Email from Tao Liu:
If the decision is to remove the fmClientCli utility from the image, one or two dependencies will also need to be updated (i.e. IMA appraisal failure event is raised using this tool).

Ghada Khalil (gkhalil) wrote :

Marking as low priority / not gating - this tool has been in the image since day 1. Sometimes it's used to clear stuck alarms. I don't think it's urgent or gating to have it removed. This needs to be further reviewed with the flock-services PL/TL.

Changed in starlingx:
importance: Medium → Low
status: New → Triaged
tags: added: stx.fault
removed: stx.3.0
Changed in starlingx:
assignee: nobody → Dariush Eslimi (deslimi)
Ghada Khalil (gkhalil) wrote :

Assigning to PL for further review/follow-up action

Ramaswamy Subramanian (rsubrama) wrote :

No progress on this bug for more than 2 years. Candidate for closure.

If there is no update, this issue is targeted to be closed as 'Won't Fix' in 2 weeks.

Ramaswamy Subramanian (rsubrama) wrote :

Changing the status to 'Won't Fix' as there is no activity.

Changed in starlingx:
status: Triaged → Won't Fix