Thanks for taking care of this. Next time I hope we can be more helpful.
-Ray
-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Chris Behrens
Sent: Wednesday, September 21, 2011 4:27 PM
To: Hookway, Ray
Subject: [Bug 855115] Re: Unauthorized user can release floating_ips
Had to fight a little bit to get the test correct as the network code
has changed a ton. But, I got this merge propped for both diablo's
release branch and for trunk.
Bug description:
EC2 commands which manipulate floating_ips do not check that the user
is associated with the project to which the address belongs. For
example, ReleaseAddress can be used by a user who is a netadmin in one
project to release an address which has been allocated to a second
project of which the user is not a member. (See EC2 comment in
floating_ip_deallocate: # TODO (devcamcar): How to ensure floating id
belongs to user)
--
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/855115
Title:
Unauthorized user can release floating_ips
Status in OpenStack Compute (Nova):
In Progress
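The missing check described in the bug report, shown as an added Python illustration that is not Nova's code and not part of the original thread. It contrasts a release path that checks only the caller's role with one that also checks that the address belongs to the caller's project; every class and function name and the sample addresses are constructed for this example.

```python
# Added illustration; names are hypothetical and not Nova's API.
from dataclasses import dataclass, field


class NotAuthorized(Exception):
    """Raised when the caller may not act on the address."""


@dataclass(frozen=True)
class Context:
    user_id: str
    project_id: str
    roles: frozenset = frozenset()


@dataclass
class FloatingIpStore:
    # address -> owning project_id (constructed sample data)
    owners: dict = field(default_factory=dict)

    def release_unchecked(self, ctx, address):
        """Flawed pattern from the report: role is checked, ownership is not."""
        if "netadmin" not in ctx.roles:
            raise NotAuthorized("netadmin role required")
        del self.owners[address]

    def release(self, ctx, address):
        """Corrected pattern: the address must belong to the caller's project."""
        if "netadmin" not in ctx.roles:
            raise NotAuthorized("netadmin role required")
        # Unknown and foreign addresses get the same error, so the response
        # does not reveal which addresses other projects hold.
        if self.owners.get(address) != ctx.project_id:
            raise NotAuthorized(f"{address} is not allocated to {ctx.project_id}")
        del self.owners[address]


def demo():
    sample = {"203.0.113.10": "project-a", "203.0.113.20": "project-b"}
    caller = Context("alice", "project-a", frozenset({"netadmin"}))
    flawed = FloatingIpStore(dict(sample))
    flawed.release_unchecked(caller, "203.0.113.20")  # succeeds: the bug
    fixed = FloatingIpStore(dict(sample))
    try:
        fixed.release(caller, "203.0.113.20")  # project-b's address
        blocked = False
    except NotAuthorized:
        blocked = True
    fixed.release(caller, "203.0.113.10")  # caller's own project: allowed
    return flawed.owners, fixed.owners, blocked
```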