You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cloudstack.apache.org by "Sangeetha Hariharan (JIRA)" <ji...@apache.org> on 2014/06/21 04:04:25 UTC

[jira] [Created] (CLOUDSTACK-6974) IAM-Root Admin - When listNetwork is used with listall=false (or no listall passed), all isoalted networks belonging to other users is listed.

Sangeetha Hariharan created CLOUDSTACK-6974:
-----------------------------------------------

             Summary: IAM-Root Admin - When listNetwork is used with listall=false (or no listall passed), all isoalted networks belonging to other users is listed.
                 Key: CLOUDSTACK-6974
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6974
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
    Affects Versions: 4.4.0
         Environment: Build from 4.4-forward
            Reporter: Sangeetha Hariharan




Root Admin - When listNetwork is used with listall=false (or no listall passed) and isrecursive=true , all networks in the system are returned.

Steps to reproduce the problem:

Create multiple domains with few user and domain accounts in them.
Create isolated networks as each of these accounts.

Create an admin user under ROOT.
As this admin user, deploy a VM.

Use listNetwork with listall=false (or no listall passed) and isrecursive=true to retrieve all the networks owned by this admin.

This results in all the networks in the system being returned.

Following is the API call that was made , that resulted in 15 networks being fetched when it should have fetched only 1 isolated network and 1
shared network.

http://10.223.49.6:8080/client/api?apiKey=PB2CyeaqN0vfTodPzXV52OdE9YZLC8K-BrdLiEijWmq85nuAEfXVoAPxbzW0J5BgFAT-f5lnwDEgeOfp_boJAg&isrecursive=true&response=json&listall=false&command=listNetworks&signature=l%2FNR4aBSnk7aAEDHhlsAvEXe7Cg%3D Response: { "listnetworksresponse" : { "count":15 ,"network" : [ {"id":"fb3b563c-5ba2-4f9a-aa65-82996f78f20e","name":"SharedNetwork-Account","displaytext":"SharedNetwork-Account","broadcastdomaintype":"Vlan","traffictype":"Guest","gateway":"10.223.1.1","netmask":"255.255.255.0","cidr":"10.223.1.0/24","zoneid":"b690dddf-5755-49ab-8a4d-0aff04fa39f7","zonename":"BLR1","networkofferingid":"1bec2c7f-d35d-4d33-a655-d3159be4a6ff","networkofferingname":"DefaultSharedNetworkOfferingWithSGService","networkofferingdisplaytext":"Offering for Shared Security group enabled networks","networkofferingconservemode":true,"networkofferingavailability":"Optional","issystem":false,"state":"Setup","related":"fb3b563c-5ba2-4f9a-aa65-82996f78f20e","broadcasturi":"vlan://153","dns1":"4.2.2.2","type":"Shared","vlan":"153","acltype":"Account","account":"testD111A-TestNetworkList-RPNQIQ","domainid":"b706ea33-fbf7-4167-a857-16f79f332cf3","domain":"D111-A243U3","service":[
{"name":"UserData"}

,{"name":"Dhcp","capability":[
{"name":"DhcpAccrossMultipleSubnets","value":"true","canchooseservicecapability":false}

]},{" ...




--
This message was sent by Atlassian JIRA
(v6.2#6252)