OpenStack Compute (nova)

most of extended server attributes returned in 2.3 api versions should not require admin role

Bug #1670978 reported by Qiming Teng on 2017-03-08

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	In Progress	Wishlist	jichenjc

Bug Description

Since microverison 2.3, the responses from server creation (https://developer.openstack.org/api-ref/compute/?expanded=create-server-detail#id8) contains some extra attributes such as the user_data specified to the server. These attributes are also returned in a server GET call. However, only an admin can see these attributes.

It is acceptable that 'OS-EXT-SRV-ATTR:hostname' should be visible to admins only. But all other attributes should be visible to a non-admin user, especially the owner of the server.

  OS-EXT-SERV-ATTR:reservation_id
  OS-EXT-SERV-ATTR:launch_index
  OS-EXT-SERV-ATTR:kernel_id
  OS-EXT-SERV-ATTR:ramdisk_id
  OS-EXT-SERV-ATTR:root_device_name
  OS-EXT-SERV-ATTR:user_data

It is highly desirable for the server's owner to retrieve back the 'user_data' provided when creating the server.

To reproduce this under devstack, compare the raw responses from nova-api using the following two commands:

openstack --os-compute-version 2.3 --os-username demo --debug server show <your_server>

openstack --os-compute-version 2.3 --os-username admin --debug server show <your_server

Tags:

Alex Xu (xuhj) on 2017-03-08

tags:

added: api

Revision history for this message

jichenjc (jichenjc) wrote on 2017-03-14:

#1

OS-EXT-SERV-ATTR:reservation_id
  OS-EXT-SERV-ATTR:launch_index
  OS-EXT-SERV-ATTR:root_device_name
  OS-EXT-SERV-ATTR:user_data

I can image those 4 might be needed

OS-EXT-SERV-ATTR:kernel_id
OS-EXT-SERV-ATTR:ramdisk_id
but those 2 ,why user need this information? seems admin only ?

Changed in nova:
assignee:	nobody → jichenjc (jichenjc)

Revision history for this message

jichenjc (jichenjc) wrote on 2017-03-14:

#2

And, I believe we need microversion if we want to add those items to non-admin user?

OpenStack Infra (hudson-openstack) on 2017-03-15

Changed in nova:
status:	New → In Progress

Revision history for this message

Sean Dague (sdague) wrote on 2017-06-28:

#3

There are no currently open reviews on this bug, changing the status back to the previous state and unassigning. If there are active reviews related to this bug, please include links in comments.

Changed in nova:
status:	In Progress → New
assignee:	jichenjc (jichenjc) → nobody

Sean Dague (sdague) on 2017-06-28

Changed in nova:
importance:	Undecided → Wishlist

Revision history for this message

Sean Dague (sdague) wrote on 2017-06-29:

#4

Found open reviews for this bug in gerrit, setting to In Progress.

review: https://review.openstack.org/445844 in branch: master

Changed in nova:
status:	New → In Progress
assignee:	nobody → jichenjc (jichenjc)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-08-01: Change abandoned on nova (master)

#5

Change abandoned by Sean Dague (<email address hidden>) on branch: master
Review: https://review.openstack.org/445844
Reason: This review is > 4 weeks without comment, and is not mergable in it's current state. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.