cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Prachi Damle (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-2078) Anti-Affinity - Error messages when deploying Vm in affinity group /deleting affinity group that does not belong to the user expose account Id and affinity group Id.
Date Thu, 18 Apr 2013 18:02:14 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-2078?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13635449#comment-13635449
] 

Prachi Damle commented on CLOUDSTACK-2078:
------------------------------------------

This has been fixed by commit:

Commit hash:	e03176c4d47d4c109f935beceb557e0c2de9a6c6


Apart from the UUID, we need not log any other details for AffinityGroup in error messages.

Contained in branches: master
Contained in no tag


                
> Anti-Affinity - Error messages when deploying Vm in affinity group /deleting affinity
group that does not belong to the user expose account Id and affinity group Id.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2078
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2078
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.2.0
>         Environment: Build from master
>            Reporter: Sangeetha Hariharan
>            Assignee: Prachi Damle
>             Fix For: 4.2.0
>
>
> In the following scenarios , we expose affinity_group_id and account_id in error messages.
> 1. Error message when 1 regular user tries to delete affinity group that belongs to other
user by passing the uuid, We expose the affinity_group_id and account_id in this error message.
> 530 Error text: Acct[3-sangee] does not have permission to operate with resource AffinityGroup[7|test-2|host
anti-affinity]
>  
> 2. Error message includes account Id when trying to deploy a Vm in a affinity group name
that does not belong to this account:
>  
> Error message seen  - { "deployvirtualmachineresponse" : {"errorcode":431,"cserrorcode":4350,"errortext":"Unable
to find group by name sangee-1456 for account 2"} }
>  
> 3. When trying to deploy a Vm in a affinity group that does not belong to this account
by passing affinitygroupids:
> 2013-04-17 16:24:39,160 DEBUG [cloud.api.ApiServlet] (catalina-exec-8:null) ===START===
 10.217.252.128 -- GET  command=deployVirtualMachin
> e&zoneId=63fb31bd-de23-40d5-a710-4a6b922d153c&templateId=aa7c5240-a625-11e2-8627-06d4460004b1&hypervisor=XenServer&serviceOfferingId=8b3e4d
> d8-f8ae-4e12-9551-604fbb6c6313&networkIds=40ae3118-1004-4616-96ee-bd42beb9b8e1&displayname=testnew15&name=testnew15&response=json&sessionke
> y=mAdgavcYHN1AOy5Ox9a%2Fad%2B8Bt0%3D&affinitygroupids=6e2dac53-6e28-4fa9-aec8-c55719bef51e
> 2013-04-17 16:24:39,167 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-8:null) InfrastructureEntity
name is:com.cloud.offering.ServiceOffer
> ing
> 2013-04-17 16:24:39,170 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-8:null) ControlledEntity
name is:com.cloud.template.VirtualMachineTe
> mplate
> 2013-04-17 16:24:39,172 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-8:null) ControlledEntity
name is:com.cloud.network.Network
> 2013-04-17 16:24:39,175 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-8:null) ControlledEntity
name is:org.apache.cloudstack.affinity.Affi
> nityGroup
> 2013-04-17 16:24:39,176 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-8:null)
Access to Acct[3-sangee] granted to Acct[3-sangee] by
> DomainChecker_EnhancerByCloudStack_daf355b4
> 2013-04-17 16:24:39,177 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-8:null)
Access to Acct[3-sangee] granted to Acct[3-sangee] by
> DomainChecker_EnhancerByCloudStack_daf355b4
> 2013-04-17 16:24:39,180 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-8:null)
Access to Ntwk[204|Guest|8] granted to Acct[3-sangee]
> by DomainChecker_EnhancerByCloudStack_daf355b4
> 2013-04-17 16:24:39,181 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-8:null)
Access to Tmpl[5-VHD-centos56-x86_64-xen granted to Ac
> ct[3-sangee] by DomainChecker_EnhancerByCloudStack_daf355b4
> 2013-04-17 16:24:39,182 INFO  [cloud.api.ApiServer] (catalina-exec-8:null) PermissionDenied:
Acct[3-sangee] does not have permission to ope
> rate with resource AffinityGroup[7|test-2|host anti-affinity] on uuids: []
> 2013-04-17 16:24:39,182 DEBUG [cloud.api.ApiServlet] (catalina-exec-8:null) ===END===
 10.217.252.128 -- GET  command=deployVirtualMachine&
> zoneId=63fb31bd-de23-40d5-a710-4a6b922d153c&templateId=aa7c5240-a625-11e2-8627-06d4460004b1&hypervisor=XenServer&serviceOfferingId=8b3e4dd8
> -f8ae-4e12-9551-604fbb6c6313&networkIds=40ae3118-1004-4616-96ee-bd42beb9b8e1&displayname=testnew15&name=testnew15&response=json&sessionkey=
> mAdgavcYHN1AOy5Ox9a%2Fad%2B8Bt0%3D&affinitygroupids=6e2dac53-6e28-4fa9-aec8-c55719bef51e
>  
>  

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message