If nova cli allows you to do that, it means the REST API allows you to
do that. Permissions should not be done on the client side as they can
be circumvented with curl.
This looks like it's a permissions issue on the server side where you'd
like a different policy?
** Changed in: nova
Status: New => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1683770
Title:
"nova volume-attach" should not allow attachment of cinder volume of
other project to the instance of admin project
Status in OpenStack Compute (nova):
Won't Fix
Bug description:
Description of problem:
The cinder volume created in other project is not visible under admin
project. Similarly nova CLI should not allow to attach other project
volume to the admin project instance. Horizon is not permit this kind
of operation, however nova CLI allow to do so.
Further at the other project side, the volume status shows
"Attached to None on /dev/vdX" which is also a confusing status.
However "nova volume-attach" command
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. Create volume demo-vol1(Tenant).
2. Create VM admin-vm1(Admin).
3. Source admin credential
4. Use nova volume-attch command to attached the admin-vm1 to the demo-vol1.
5. Open horizon -> under Tenant -> volume.
See that the volume display attach to "None".
Actual results:
Expected results:
The Operation should not be allowed as demo-vol1 should not be visible
under admin project.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1683770/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
