Comment 3 for bug 855115
Revision history for this message
| Ray Hookway (rjh) wrote RE: [Bug 855115] Re: Unauthorized user can release floating_ips | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Chris,
Thanks for doing taking care of this. Next time I hope we can be more helpful.
-Ray
-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Chris Behrens
Sent: Wednesday, September 21, 2011 4:27 PM
To: Hookway, Ray
Subject: [Bug 855115] Re: Unauthorized user can release floating_ips
Had to fight a little bit to get the test correct as the network code
has changed a ton. But, I got this merge propped for both diablo's
release branch and for trunk.
--
You received this bug notification because you are subscribed to the bug
report.
https:/
Title:
Unauthorized user can release floating_ips
Status in OpenStack Compute (Nova):
In Progress
Bug description:
EC2 commands which manipulate floating_ips do not check that the user
is associated with the project to which the address belongs. For
example, ReleaseAddress can be used by a user who is a netadmin in one
project to release an address which has been allocated to a second
project of which the user is not a member. (See EC2 comment in
floating_
belongs to user)
To manage notifications about this bug go to:
https:/