[
https://issues.apache.org/jira/browse/CLOUDSTACK-5152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13839257#comment-13839257
]
ASF subversion and git services commented on CLOUDSTACK-5152:
-------------------------------------------------------------
Commit 06d2e768b61890f69daa197f64d9fb4991523792 in branch refs/heads/4.3 from
[~alena1108]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=06d2e76 ]
CLOUDSTACK-5152: when deployVm with SG, verify that vm and sg belong to the
same account. Do this verification even when the call is done by the ROOT admin
> Basic Zone - Security group belonging to a project can be used to deploy VM
> outside the project (in same account, and also in different account)
> ------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-5152
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5152
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Network Controller
> Affects Versions: 4.3.0
> Reporter: Gaurav Aradhye
> Assignee: Alena Prokharchyk
> Priority: Critical
> Fix For: 4.3.0
>
>
> In basic zone,
> Create an account and a project in that account.
> Create a security group which belongs to this project.
> Try to deploy VM using this security group outside the project.
> Creation of VM is successful and if you list the virtual machines, in
> response it will show the security group in the sec groups list and it will
> show the account of security group as the account in which you have deployed
> the instance (instead it should list the project to which security group
> belongs)
> This is an issue, security group belonging to a project should not be allowed
> to be used outside the project.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
