Return-Path: X-Original-To: apmail-cloudstack-issues-archive@www.apache.org Delivered-To: apmail-cloudstack-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id DEB4D105EB for ; Thu, 17 Apr 2014 18:01:25 +0000 (UTC) Received: (qmail 25974 invoked by uid 500); 17 Apr 2014 18:01:23 -0000 Delivered-To: apmail-cloudstack-issues-archive@cloudstack.apache.org Received: (qmail 25930 invoked by uid 500); 17 Apr 2014 18:01:22 -0000 Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list issues@cloudstack.apache.org Received: (qmail 25827 invoked by uid 500); 17 Apr 2014 18:01:21 -0000 Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org Received: (qmail 25699 invoked by uid 99); 17 Apr 2014 18:01:21 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Apr 2014 18:01:21 +0000 Date: Thu, 17 Apr 2014 18:01:21 +0000 (UTC) From: "Min Chen (JIRA)" To: cloudstack-issues@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Resolved] (CLOUDSTACK-6429) IAM - As admin , When listAll=false is used to list all Vms under a subdomain , all Vms (even those that are not in this subdmain) are listed. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CLOUDSTACK-6429?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Min Chen resolved CLOUDSTACK-6429. ---------------------------------- Resolution: Fixed > IAM - As admin , When listAll=false is used to list all Vms under a subdomain , all Vms (even those that are not in this subdmain) are listed. > ---------------------------------------------------------------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-6429 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6429 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the default.) > Components: Management Server > Affects Versions: 4.4.0 > Environment: Build from 4.4 > Reporter: Sangeetha Hariharan > Assignee: Min Chen > Priority: Critical > Fix For: 4.4.0 > > > IAM - As admin , When listAll=false is used to list all Vms under a subdomain , all Vms (even those that are not in this subdmain) are listed. > Steps to reproduce the problem: > Set up: > Pre Reqs: > Admin - Creates object > Domain Admin for d1 - D1 - Creates object - d1 > Domain Admin for d1 - D1/D11 > User account for d1 - D1/D111 - Creates object - d111a > Domain Admin for d1 - D1/D12 > Domain Admin for d2 - D2 - Creates object -d2 > User Account in domain D1 - userD1-1 - Creates object -d1a > User Account in domain D1 - userD1-2 - Creates object - d1b > User Account in domain D1/D11 - userD1-a - Creates object - d11a > User Account in domain D1/D11 - userD1-a - Creates object - d11b > User Account in domain D1/D12- userD1-b - Creates object - d12a > User Account in domain D1/D12 - userD-a - Creates object - d12b > As ROOT admin , tried to list all the Vms for domain - d1/d11 , this results in all the Vms (even those that are not in this subdmain) being listed. > All the following API calls as Admin when trying to list Vms from domain - d1/d11 , results in 11 Vms which is all the Vms in the cluouds. > GET http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&listAll=false&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=1S3PA2HyPP70jnv5FiKSp%2FXfqw4%3D \n\n > GET http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&listAll=false&isrecursive=false&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=FtoJ8isO896ZkqLJH5YzVjodFdg%3D \n\n > GET http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&listAll=false&isrecursive=true&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=4HHrtJo1Cx3yqjdIHUFi43kqZ3E%3D \n\n > GET http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&isrecursive=false&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=A6kJuc9XDIp6f9Ha8Bp9Ig3Xigg%3D \n\n > GET http://10.223.49.6/client/api?command=listVirtualMachines&domainId=7add6894-37ba-4b9a-bc43-12e49c3599c0&isrecursive=true&apiKey=oKz6XB3IKFtUTdw_0rYhGMk4AV0ih4AvpPKCcD-KO51d6qYpyPXLPOjoHp5V02-J-pwnci7khJvhV0c4XDP8ag&signature=S04gwOtMs0%2F00CV4I1Q7pbCCC08%3D \n\n -- This message was sent by Atlassian JIRA (v6.2#6252)