Bug #3860
Virtual Nets visible to all users
| Status: | Closed | Start date: | 07/01/2015 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Carlos Martín | % Done: | 0% |
| Category: | Core & System | | |
| Target version: | Release 4.14 | | |
| Resolution: | invalid | Pull request: | |
| Affected Versions: | Development | | |
Description
Virtual Nets are visible to all users, which violates the permission control policy.
The attached patch provides a temporary fix for this issue, which corrects the where_filter usage in VirtualNetworkPoolInfo::request_execute().
History
#1 Updated by Ruben S. Montero about 6 years ago
- Category set to Core & System
- Target version set to Release 4.14
Thanks, we'll look into it
#2 Updated by Ruben S. Montero almost 6 years ago
- Assignee set to Carlos Martín
#3 Updated by Carlos Martín almost 6 years ago
- Status changed from Pending to Closed
- Resolution set to invalid
Hi,
The permission control is working fine for me.
To test it, I've created 2 users, and 2 vnets owned by each one of them. The onevnet output contains only their own vnet.
Please note that by default, the VDC 0 contains the CLUSTER ALL for zone 0. This internally creates the acl '@1 NET+DATASTORE/* USE #0'. If you don't want this behaviour, update the VDC and the ACL rules will be adjusted internally.
As far as I can tell, the patch you provide prevents the 'all' and 'cluster' ACL rules from working properly.
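The effect of the default rule quoted in comment #3, as an added example that is not part of the original thread or of OpenNebula's code: a simplified model that parses the ACL string and lists the vnets a user would see with and without it. It ignores the owner/group/other permission bits; the function names, user IDs and sample vnets are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Four space-separated components, as in the rule quoted in comment #3:
#   <user> <TYPE+TYPE>/<selector> <RIGHT+RIGHT> <zone>
RULE_RE = re.compile(
    r"^(\*|[#@]\d+) ([A-Z]+(?:\+[A-Z]+)*)/(\*|[#@%]\d+) "
    r"([A-Z]+(?:\+[A-Z]+)*) (\*|#\d+)$")

@dataclass(frozen=True)
class Rule:
    user: str          # '*', '#<uid>' or '@<gid>'
    types: frozenset   # e.g. {'NET', 'DATASTORE'}
    selector: str      # '*', '#<id>', '@<gid>' or '%<cluster id>'
    rights: frozenset  # e.g. {'USE'}
    zone: str          # '*' or '#<zone id>'

def parse_rule(text):
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an ACL rule: {text!r}")
    user, types, selector, rights, zone = m.groups()
    return Rule(user, frozenset(types.split("+")), selector,
                frozenset(rights.split("+")), zone)

def rule_grants(rule, uid, gid, rtype, right, res, zone=0):
    """True if `rule` gives user (uid, gid) `right` on resource `res`."""
    return (rule.user in ("*", f"#{uid}", f"@{gid}")
            and rtype in rule.types and right in rule.rights
            and rule.selector in ("*", f"#{res['id']}", f"@{res['gid']}",
                                  f"%{res['cluster']}")
            and rule.zone in ("*", f"#{zone}"))

def visible_vnets(uid, gid, vnets, rules):
    """Simplified listing filter: own vnets, plus any an ACL grants USE on."""
    return [v["id"] for v in vnets
            if v["uid"] == uid
            or any(rule_grants(r, uid, gid, "NET", "USE", v) for r in rules)]

# Constructed sample data: two users in group 1, one vnet each, cluster 100.
VNETS = [{"id": 0, "uid": 2, "gid": 1, "cluster": 100},
         {"id": 1, "uid": 3, "gid": 1, "cluster": 100}]
DEFAULT_RULE = parse_rule("@1 NET+DATASTORE/* USE #0")

if __name__ == "__main__":
    print("with VDC 0 rule:", visible_vnets(2, 1, VNETS, [DEFAULT_RULE]))
    print("rule removed:   ", visible_vnets(2, 1, VNETS, []))
```

When auditing a deployment, run the same check against the rules actually present to see which group-wide `*` selectors widen vnet visibility beyond ownership.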