Sangeetha Hariharan created CLOUDSTACK-2078:
-----------------------------------------------

             Summary: Anti-Affinity - Error messages when deploying Vm in 
affinity group / deleting affinity group that does not belong to the user 
expose account Id and affinity group Id.
                 Key: CLOUDSTACK-2078
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2078
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
    Affects Versions: 4.2.0
         Environment: Build from master
            Reporter: Sangeetha Hariharan
             Fix For: 4.2.0


In the following scenarios, we expose affinity_group_id and account_id in 
error messages.


1. Error message when a regular user tries to delete an affinity group that 
belongs to another user by passing the uuid. We expose the affinity_group_id 
and account_id in this error message.


530 Error text: Acct[3-sangee] does not have permission to operate with 
resource AffinityGroup[7|test-2|host anti-affinity]

 


2. Error message includes account Id when trying to deploy a Vm in an affinity 
group name that does not belong to this account:

 

Error message seen  - { "deployvirtualmachineresponse" : 
{"errorcode":431,"cserrorcode":4350,"errortext":"Unable to find group by name 
sangee-1456 for account 2"} }
 

3. When trying to deploy a Vm in an affinity group that does not belong to this 
account by passing affinitygroupids:


2013-04-17 16:24:39,160 DEBUG [cloud.api.ApiServlet] (catalina-exec-8:null) ===START===  10.217.252.128 -- GET  command=deployVirtualMachine&zoneId=63fb31bd-de23-40d5-a710-4a6b922d153c&templateId=aa7c5240-a625-11e2-8627-06d4460004b1&hypervisor=XenServer&serviceOfferingId=8b3e4dd8-f8ae-4e12-9551-604fbb6c6313&networkIds=40ae3118-1004-4616-96ee-bd42beb9b8e1&displayname=testnew15&name=testnew15&response=json&sessionkey=mAdgavcYHN1AOy5Ox9a%2Fad%2B8Bt0%3D&affinitygroupids=6e2dac53-6e28-4fa9-aec8-c55719bef51e
2013-04-17 16:24:39,167 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-8:null) InfrastructureEntity name is:com.cloud.offering.ServiceOffering
2013-04-17 16:24:39,170 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-8:null) ControlledEntity name is:com.cloud.template.VirtualMachineTemplate
2013-04-17 16:24:39,172 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-8:null) ControlledEntity name is:com.cloud.network.Network
2013-04-17 16:24:39,175 DEBUG [cloud.api.ApiDispatcher] (catalina-exec-8:null) ControlledEntity name is:org.apache.cloudstack.affinity.AffinityGroup
2013-04-17 16:24:39,176 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-8:null) Access to Acct[3-sangee] granted to Acct[3-sangee] by DomainChecker_EnhancerByCloudStack_daf355b4
2013-04-17 16:24:39,177 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-8:null) Access to Acct[3-sangee] granted to Acct[3-sangee] by DomainChecker_EnhancerByCloudStack_daf355b4
2013-04-17 16:24:39,180 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-8:null) Access to Ntwk[204|Guest|8] granted to Acct[3-sangee] by DomainChecker_EnhancerByCloudStack_daf355b4
2013-04-17 16:24:39,181 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-8:null) Access to Tmpl[5-VHD-centos56-x86_64-xen granted to Acct[3-sangee] by DomainChecker_EnhancerByCloudStack_daf355b4
2013-04-17 16:24:39,182 INFO  [cloud.api.ApiServer] (catalina-exec-8:null) PermissionDenied: Acct[3-sangee] does not have permission to operate with resource AffinityGroup[7|test-2|host anti-affinity] on uuids: []
2013-04-17 16:24:39,182 DEBUG [cloud.api.ApiServlet] (catalina-exec-8:null) ===END===  10.217.252.128 -- GET  command=deployVirtualMachine&zoneId=63fb31bd-de23-40d5-a710-4a6b922d153c&templateId=aa7c5240-a625-11e2-8627-06d4460004b1&hypervisor=XenServer&serviceOfferingId=8b3e4dd8-f8ae-4e12-9551-604fbb6c6313&networkIds=40ae3118-1004-4616-96ee-bd42beb9b8e1&displayname=testnew15&name=testnew15&response=json&sessionkey=mAdgavcYHN1AOy5Ox9a%2Fad%2B8Bt0%3D&affinitygroupids=6e2dac53-6e28-4fa9-aec8-c55719bef51e

 

 


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
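
A regression check for the leak described in this report, as an added example that is not part of the original message or of CloudStack's code: it scans API error bodies for the internal-identifier formats quoted above. The pattern set, the function names and the CLEAN sample are assumptions of this example.

```python
import json
import re

# Formats copied from the messages quoted in the report; treating them as the
# general shape of internal-ID leaks is an assumption of this example.
LEAK_PATTERNS = {
    "account_db_id": re.compile(r"\bAcct\[\d+-[^\]]*\]"),
    "entity_db_id": re.compile(r"\b[A-Za-z]+\[\d+\|[^\]]*\]"),
    "bare_account_id": re.compile(r"\bfor account \d+\b"),
}


def extract_errortext(body):
    """Return the errortext field of a JSON API response, or the raw body."""
    try:
        doc = json.loads(body)
    except ValueError:
        return body  # plain-text error, e.g. "530 Error text: ..."
    stack = [doc]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            if isinstance(node.get("errortext"), str):
                return node["errortext"]
            stack.extend(node.values())
    return body


def find_leaks(body):
    """List (kind, matched_text) for every internal identifier in an error."""
    text = extract_errortext(body)
    return [(kind, m.group(0))
            for kind, rx in LEAK_PATTERNS.items()
            for m in rx.finditer(text)]


# SCENARIO_1 and SCENARIO_2 are quoted from the report; CLEAN is constructed.
SCENARIO_1 = ("530 Error text: Acct[3-sangee] does not have permission to operate "
              "with resource AffinityGroup[7|test-2|host anti-affinity]")
SCENARIO_2 = ('{ "deployvirtualmachineresponse" : {"errorcode":431,"cserrorcode":4350,'
              '"errortext":"Unable to find group by name sangee-1456 for account 2"} }')
CLEAN = '{"deployvirtualmachineresponse":{"errorcode":531,"errortext":"Permission denied"}}'

if __name__ == "__main__":
    for name, body in [("1", SCENARIO_1), ("2", SCENARIO_2), ("clean", CLEAN)]:
        print(name, find_leaks(body))
```

An empty list from find_leaks means the response carries none of the three formats; it does not cover identifier formats other than those quoted in the report.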
