cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sangeetha Hariharan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-6974) IAM-Root Admin - When listNetwork is used with listall=false (or no listall passed), all isoalted networks belonging to other users is listed.
Date Fri, 19 Sep 2014 00:03:33 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-6974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14139770#comment-14139770
] 

Sangeetha Hariharan commented on CLOUDSTACK-6974:
-------------------------------------------------

listNetwork() with listall=false and isrecursive=true results in returning all the networks
that the admin can see . 
listNetwork() with listall=false and isrecursive=false/not passed results in returning all
the networks that the admin can see in the "ROOT" domain .

In both the above cases ,  listNetwork() with listall=false should return only the networks
that he can use (which is isolated networks that he created and shared network that he has
access to).


> IAM-Root Admin - When listNetwork is used with listall=false (or no listall passed),
all isoalted networks belonging to other users is listed.
> ----------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-6974
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6974
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.4.0
>         Environment: Build from 4.4-forward
>            Reporter: Sangeetha Hariharan
>
> Root Admin - When listNetwork is used with listall=false (or no listall passed) and isrecursive=true
, all networks in the system are returned.
> Steps to reproduce the problem:
> Create multiple domains with few user and domain accounts in them.
> Create isolated networks as each of these accounts.
> Create an admin user under ROOT.
> As this admin user, deploy a VM.
> Use listNetwork with listall=false (or no listall passed) and isrecursive=true to retrieve
all the networks owned by this admin.
> This results in all the networks in the system being returned.
> Following is the API call that was made , that resulted in 15 networks being fetched
when it should have fetched only 1 isolated network and 1
> shared network.
> http://10.223.49.6:8080/client/api?apiKey=PB2CyeaqN0vfTodPzXV52OdE9YZLC8K-BrdLiEijWmq85nuAEfXVoAPxbzW0J5BgFAT-f5lnwDEgeOfp_boJAg&isrecursive=true&response=json&listall=false&command=listNetworks&signature=l%2FNR4aBSnk7aAEDHhlsAvEXe7Cg%3D
Response: { "listnetworksresponse" : { "count":15 ,"network" : [ {"id":"fb3b563c-5ba2-4f9a-aa65-82996f78f20e","name":"SharedNetwork-Account","displaytext":"SharedNetwork-Account","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.223.1.1","netmask":"255.255.255.0","cidr":"10.223.1.0/24","zoneid":"b690dddf-5755-49ab-8a4d-0aff04fa39f7","zonename":"BLR1","networkofferingid":"1bec2c7f-d35d-4d33-a655-d3159be4a6ff","networkofferingname":"DefaultSharedNetworkOfferingWithSGService","networkofferingdisplaytext":"Offering
for Shared Security group enabled networks","networkofferingconservemode":true,"networkofferingavailability":"Optional","issystem":false,"state":"Setup","related":"fb3b563c-5ba2-4f9a-aa65-82996f78f20e","broadcasturi":"vlan://153","dns1":"4.2.2.2","type":"Shared","vlan":"153","acltype":"Account","account":"testD111A-TestNetworkList-RPNQIQ","domainid":"b706ea33-fbf7-4167-a857-16f79f332cf3","domain":"D111-A243U3","service":[
> {"name":"UserData"}
> ,{"name":"Dhcp","capability":[
> {"name":"DhcpAccrossMultipleSubnets","value":"true","canchooseservicecapability":false}
> ]},{" ...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message