Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-7730

[rbac] Reader user able to create, delete and accept volume transfer

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhos-18.0.0
    • openstack-cinder
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • ?
    • ?
    • ?
    • ?
    • None
    • Moderate

      Reader user able to create, delete and accept volume transfer.
      The expected response code is 403 (forbidden) but the actual response is 202.

      From tempest logs:

      create volume transfer:
      2024-06-17 09:29:04,893 93289 INFO [tempest.lib.common.rest_client] Request (ProjectReaderTests:test_create_volume_transfer): 202 POST https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer 0.268s
      2024-06-17 09:29:04,893 93289 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
              Body: {"transfer": {"volume_id": "06fb7e49-015c-453d-b58e-0e76ec7acf42"}}
          Response - Headers:

      {'date': 'Mon, 17 Jun 2024 09:29:04 GMT', 'server': 'Apache/2.4.52 (Ubuntu)', 'content-type': 'application/json', 'x-compute-request-id': 'req-f65a384f-c8db-481f-ac3e-3604599b3a60', 'content-length': '513', 'openstack-api-version': 'volume 3.0', 'vary': 'OpenStack-API-Version', 'x-openstack-request-id': 'req-f65a384f-c8db-481f-ac3e-3604599b3a60', 'connection': 'close', 'status': '202', 'content-location': '[https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer']}

              Body: b'{"transfer": {"id": "2e821250-f11e-43f5-95be-fd111adb408b", "created_at": "2024-06-17T09:29:04.884548", "name": null, "volume_id": "06fb7e49-015c-453d-b58e-0e76ec7acf42", "auth_key": "39faecbcfa42a011", "links": [

      {"rel": "self", "href": "[https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/2e821250-f11e-43f5-95be-fd111adb408b]"}

      ,

      {"rel": "bookmark", "href": "[https://10.210.192.86/volume/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/2e821250-f11e-43f5-95be-fd111adb408b]"}

      ]}}'

      delete volume transfer:
      2024-06-17 09:29:06,494 93289 INFO [tempest.lib.common.rest_client] Request (ProjectReaderTests:test_delete_volume_transfer): 202 DELETE https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/286b8be2-b573-41a2-a8d8-2415ed615c81 0.075s
      2024-06-17 09:29:06,494 93289 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
              Body: None
          Response - Headers:

      {'date': 'Mon, 17 Jun 2024 09:29:06 GMT', 'server': 'Apache/2.4.52 (Ubuntu)', 'content-length': '0', 'content-type': 'text/html; charset=UTF-8', 'openstack-api-version': 'volume 3.0', 'vary': 'OpenStack-API-Version', 'x-openstack-request-id': 'req-ec07f5a7-03e3-467c-bb40-fce98fcf9bda', 'connection': 'close', 'status': '202', 'content-location': '[https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/286b8be2-b573-41a2-a8d8-2415ed615c81']}

              Body: b''

      accept volume transfer:
      2024-06-17 09:29:01,014 93289 INFO [tempest.lib.common.rest_client] Request (ProjectReaderTests:test_accept_volume_transfer): 202 POST https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/637e81b8-6ebc-4489-be55-1354bc95dfd5/accept 0.923s
      2024-06-17 09:29:01,014 93289 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
              Body: {"accept": {"auth_key": "712de4be72849bf9"}}
          Response - Headers:

      {'date': 'Mon, 17 Jun 2024 09:29:00 GMT', 'server': 'Apache/2.4.52 (Ubuntu)', 'content-type': 'application/json', 'x-compute-request-id': 'req-fde3ee86-7257-4923-aa96-1ee24b1ffa4f', 'content-length': '437', 'openstack-api-version': 'volume 3.0', 'vary': 'OpenStack-API-Version', 'x-openstack-request-id': 'req-fde3ee86-7257-4923-aa96-1ee24b1ffa4f', 'connection': 'close', 'status': '202', 'content-location': '[https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/637e81b8-6ebc-4489-be55-1354bc95dfd5/accept']}

              Body: b'{"transfer": {"id": "637e81b8-6ebc-4489-be55-1354bc95dfd5", "volume_id": "47740399-efa8-4503-a0ae-19a99a527429", "name": null, "links": [

      {"rel": "self", "href": "[https://10.210.192.86/volume/v3/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/637e81b8-6ebc-4489-be55-1354bc95dfd5]"}

      ,

      {"rel": "bookmark", "href": "[https://10.210.192.86/volume/63d4fa2db4624d6fb2e04096828e7e39/os-volume-transfer/637e81b8-6ebc-4489-be55-1354bc95dfd5]"}

      ]}}'

      cinder version: 7.4.1
      Failing job:
      https://zuul.opendev.org/t/openstack/build/1da1414a2f65458cbebe2b488b43ff48

              Unassigned Unassigned
              ybenshim Yosi Ben Shimon
              rhos-dfg-storage-squad-cinder
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: