andrijapanicsb commented on issue #3894: api: Fix count and item issues returned by list APIs URL: https://github.com/apache/cloudstack/pull/3894#issuecomment-589285734 Alright, so: @Pearl1594 could you please update the description with the list of list* APIs which actually ARE supported by listall=true + projectid=-1 to show everything - since i.e. listNetworks API is not supported and many others as it seems (or in other words, I could see in code just 7-8 or so...so let's list them as we only support handfull of all list* APIs) @rhtyd Tested fine in general - the count is OK with page size = 5 (old UI is unusable, but that's another story - can't scroll and load additional pages anywhere, instances, volumes, settings. etc...) - listall=true + projectid=-1 does behave as expected and returns list of "really all" resources of a specific kind, for which this combination is supported (tested listVirtualMachines and listRouters) - listInfrastructure does return alerts and internal LBs. But we have a security issue @rhtyd @Pearl1594 - in the main ROOT domain, create resoruces outside project, create a projects, create resources inside the project - create subdomain and domain admin for that subdomain (no resources created) - a doman admin of a **subdomain** can list all resources of the ROOT domain when listall=true AND projectid=-1 (listing both non-project and project resources created by the main "admin" user in ROOT doman) - only using listall=true does NOT return anything (does not return non-project resources from the ROOT domain) - using projectid=-1 will list all resources of the projects from the ROOT domain, although the user (subdomain domain-admin) is NOT participating in that project (localcloud) SBCM5> > list virtualmachines listall=true filter=name,domain (localcloud) SBCM5> > list virtualmachines listall=true projectid=-1 filter=name,domain { "count": **15,** "virtualmachine": [ { "domain": "ROOT", "name": "VM-9b745dda-395c-4694-a364-f9813cd5bb8e" }, { "domain": "ROOT", "name": "VM-522d3b9a-c98c-4afe-b600-835628739a34" }, { "domain": "ROOT", "name": "VM-dea62692-9afd-43d9-beb7-afb4e2f13674" }, { "domain": "ROOT", "name": "VM-43e25bf1-2902-4d51-87c1-eb9ac32b686b" }, { "domain": "ROOT", "name": "VM-1252f8c1-393b-457c-ac9c-3a5f64cc8bfa" } ] } (localcloud) SBCM5> > list volumes projectid=-1 filter=name,project,domain { "count": **4** "volume": [ { "domain": "ROOT", "name": "ROOT-17", "project": "project1" }, { "domain": "ROOT", "name": "ROOT-15", "project": "project1" }, { "domain": "ROOT", "name": "ROOT-19", "project": "project1" }, { "domain": "ROOT", "name": "ROOT-18", "project": "project1" } ] } (localcloud) SBCM5> > exit [root@pr3894-t1068-kvm-centos7-mgmt1 ~]# grep -E "(domain|usernam)" .cmk/config username = andrija1 domain = /dom1
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
