Sangeetha Hariharan created CLOUDSTACK-6973:
-----------------------------------------------

             Summary: IAM - listNetworks - When Domain Admin calls listNetwork 
with listall=false, isolated networks belonging to other users in the domain 
are also listed.
                 Key: CLOUDSTACK-6973
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6973
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
    Affects Versions: 4.4.0
         Environment: Build from 4.4-forward
            Reporter: Sangeetha Hariharan


IAM - listNetworks - When Domain Admin calls listNetwork with listall=false, 
isolated networks belonging to other users in the domain are also listed.

Steps to reproduce the problem:

Domain D1 -> has user d1 (domain admin), d1a and d1b regular users.

Each user has an isolated network that he owns.

Calling listNetworks() with no parameters (or listall=false) results in 
isolated networks owned by other regular users in the domain being listed.

As domain admin d1, when I called listNetworks() with no parameters (or 
listall=false), I see the isolated networks owned by d1a and d1b regular users 
listed:

id  account_name                    uuid                                  type  domain_id  state    removed  cleanup_needed  network_domain  default_zone_id  default
--  ------------------------------  ------------------------------------  ----  ---------  -------  -------  --------------  --------------  ---------------  -------
1   system                          2c320fc2-d1eb-11e3-907f-4adf980f9414  1     1          enabled  NULL     0               NULL            NULL             1
2   admin                           2c324dfc-d1eb-11e3-907f-4adf980f9414  1     1          enabled  NULL     0               NULL            NULL             1
3   testD1-TestNetworkList-0SNBP5   53144728-76db-427a-ab96-5a6901e31a5e  2     2          enabled  NULL     0               NULL            NULL             0
4   testD1A-TestNetworkList-0Y3W33  196cc54c-4f4f-4bff-91ee-e084395eb388  0     2          enabled  NULL     0               NULL            NULL             0
5   testD1B-TestNetworkList-KOGK49  52d34195-f6be-482d-b8cb-effaf9d3bcc4  0     2          enabled  NULL     0               NULL            NULL             0

List call response:

2014-05-02 07:38:19,152 INFO [a.c.c.a.ApiServer] (catalina-exec-10:ctx-4d9ac3c7 ctx-d8785a9c ctx-aa28872f) (userId=3 accountId=3 sessionId=null) 10.223.56.66 – GET apiKey=ASspPltVyUxiuOKQLuyfJnsS_zezNXRjZPfZsdjAXpJMUnu7r75Zn9dqk7p_eL1PrATjDbDanUN3uGsGbsCcwg&response=json&listall=false&command=listNetworks&signature=s9FYHRWmLi2E7LeQDhXcyi%2Fu0J0%3D 200 { "listnetworksresponse" : { "count":5 ,"network" : [ 
 " ....




--
This message was sent by Atlassian JIRA
(v6.2#6252)
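
A regression check for the scoping behaviour reported above, as an added example that is not part of the original report or of CloudStack's own code. The helper name `foreign_networks` and the sample response are constructed for illustration. It assumes that with listall=false only the caller's own account-scoped networks should be returned, and that networks with a domain-wide acltype may legitimately be visible.

```python
import json

# Constructed sample: entries trimmed to fields visible in the reported
# response, plus one constructed domain-scoped network as an edge case.
SAMPLE_RESPONSE = json.dumps({"listnetworksresponse": {"count": 4, "network": [
    {"name": "testD1B-TestNetworkList-KOGK49-network", "type": "Isolated",
     "acltype": "Account", "account": "testD1B-TestNetworkList-KOGK49"},
    {"name": "testD1A-TestNetworkList-0Y3W33-network", "type": "Isolated",
     "acltype": "Account", "account": "testD1A-TestNetworkList-0Y3W33"},
    {"name": "testD1-TestNetworkList-0SNBP5-network", "type": "Isolated",
     "acltype": "Account", "account": "testD1-TestNetworkList-0SNBP5"},
    {"name": "constructed-shared-network", "type": "Shared",
     "acltype": "Domain"},
]}})


def foreign_networks(response_text, caller_account, listall=False):
    """Return names of account-scoped networks not owned by the caller.

    Hypothetical helper. With listall=true a domain admin is expected to see
    other accounts' networks, so nothing is flagged in that case.
    """
    if listall:
        return []
    body = json.loads(response_text).get("listnetworksresponse", {})
    flagged = []
    # Tolerate a response that carries no "network" list at all.
    for net in body.get("network", []):
        # Assumption: only acltype "Account" networks are owner-scoped;
        # domain-scoped networks are skipped rather than flagged.
        if net.get("acltype") != "Account":
            continue
        if net.get("account") != caller_account:
            flagged.append(net["name"])
    return flagged


if __name__ == "__main__":
    caller = "testD1-TestNetworkList-0SNBP5"  # the domain admin in the report
    for name in foreign_networks(SAMPLE_RESPONSE, caller):
        print("out of scope for listall=false:", name)
```
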
