Remove fmClientCli from the image
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Won't Fix | Low | Dariush Eslimi | |
Bug Description
Brief Description
-----------------
I was playing around with fault components and I noticed that I'm able to query, create and delete alarms with fmClientCli and the fm_core python module.
As I understand, the `fm` cli (from python-fmclient) creates a request to keystone before connecting to the fm-rest-api to perform the operation. However, this is not the case for fmClientCli: I can create an alarm with the following command.
$ fmClientCli -c "blabla#
and delete it with:
$ fmClientCli -d "###100.
This without doing the `source /etc/platform/
Severity
------
Minor: System/Feature is usable with minor issue
Steps to Reproduce
------------------
See above
Expected Behavior
------------------
fmClientCli should be removed from the image to avoid potential misuse by unauthenticated users.
Actual Behavior
----------------
fmClientCli is present in the image and can be misused.
Reproducibility
---------------
100%
System Configuration
-------
N/A
Branch/Pull Time/Commit
-------
N/A
Last Pass
---------
N/A
Timestamp/Logs
--------------
See above
Changed in starlingx:
importance: Undecided → Medium
tags: added: stx.3.0
Email from Tao Liu:
If the decision is to remove the fmClientCli utility from the image, one or two dependencies will also need to be updated (i.e. IMA appraisal failure event is raised using this tool).