cloudstack-issues mailing list archives

From "Sangeetha Hariharan (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-6973) IAM - listNetworks - When Domain Admin calls listNetwork with listall=false , isolated networks belonging to other users in the domain is also listed.
Date Sat, 21 Jun 2014 02:02:25 GMT
Sangeetha Hariharan created CLOUDSTACK-6973:
-----------------------------------------------

             Summary: IAM - listNetworks - When Domain Admin calls listNetwork with listall=false, isolated networks belonging to other users in the domain is also listed.
                 Key: CLOUDSTACK-6973
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6973
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
    Affects Versions: 4.4.0
         Environment: Build from 4.4-forward
            Reporter: Sangeetha Hariharan


IAM - listNetworks - When Domain Admin calls listNetwork with listall=false, isolated networks
belonging to other users in the domain are also listed.

Steps to reproduce the problem:

Domain D1 -> has user d1 (domain admin), d1a and d1b regular users.

Each user has an isolated network that he owns.

Calling listNetworks() with no parameters (or listall=false) results in isolated networks
owned by other regular users in the domain being listed.

As domain admin d1, when I call listNetworks() with no parameters (or listall=false), I
see the isolated networks owned by d1a and d1b regular users listed:

-----------------------------------------------------------------------------------------------------------------------------------------------------
id  account_name                    uuid                                  type  domain_id  state    removed  cleanup_needed  network_domain  default_zone_id  default
-----------------------------------------------------------------------------------------------------------------------------------------------------
1   system                          2c320fc2-d1eb-11e3-907f-4adf980f9414  1     1          enabled  NULL     0               NULL            NULL             1
2   admin                           2c324dfc-d1eb-11e3-907f-4adf980f9414  1     1          enabled  NULL     0               NULL            NULL             1
3   testD1-TestNetworkList-0SNBP5   53144728-76db-427a-ab96-5a6901e31a5e  2     2          enabled  NULL     0               NULL            NULL             0
4   testD1A-TestNetworkList-0Y3W33  196cc54c-4f4f-4bff-91ee-e084395eb388  0     2          enabled  NULL     0               NULL            NULL             0
5   testD1B-TestNetworkList-KOGK49  52d34195-f6be-482d-b8cb-effaf9d3bcc4  0     2          enabled  NULL     0               NULL            NULL             0

List call response:





--
This message was sent by Atlassian JIRA
(v6.2#6252)
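
Added example (not part of the original report and not CloudStack's own code): a regression check for the behaviour described above, assuming the expectation the report implies, namely that with listall=false a caller sees only isolated, account-scoped networks owned by their own account. The sample response is constructed from the account names in the report; the helper name and network names are hypothetical.

```python
import json

# Constructed sample: a trimmed listNetworks response built from the account
# names in the report. Network names and the shared network are illustrative.
SAMPLE_RESPONSE = json.dumps({"listnetworksresponse": {"count": 4, "network": [
    {"name": "d1b-net", "type": "Isolated", "acltype": "Account",
     "account": "testD1B-TestNetworkList-KOGK49"},
    {"name": "d1a-net", "type": "Isolated", "acltype": "Account",
     "account": "testD1A-TestNetworkList-0Y3W33"},
    {"name": "d1-net", "type": "Isolated", "acltype": "Account",
     "account": "testD1-TestNetworkList-0SNBP5"},
    {"name": "shared-net", "type": "Shared", "acltype": "Domain"},
]}})


def foreign_isolated_networks(raw_response, caller_account, listall=False):
    """Return (network name, owner) pairs the caller should not have seen.

    Hypothetical helper. Assumes listall=false must limit isolated,
    account-scoped networks to the caller's own account.
    """
    if listall:
        return []  # listall=true deliberately widens the scope; nothing to flag
    body = json.loads(raw_response).get("listnetworksresponse", {})
    leaked = []
    for net in body.get("network", []):  # tolerate a response with no network key
        if net.get("type") != "Isolated" or net.get("acltype") != "Account":
            continue  # shared or domain-scoped networks are not owner-restricted
        if net.get("account") != caller_account:
            leaked.append((net.get("name"), net.get("account")))
    return leaked


if __name__ == "__main__":
    for name, owner in foreign_isolated_networks(
            SAMPLE_RESPONSE, "testD1-TestNetworkList-0SNBP5"):
        print(f"listall=false exposed {name} owned by {owner}")
```

Run against a response captured for each role (domain admin, regular user) after a fix; a non-empty result means the scoping bug is still present.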
