OpenStack Shared File Systems Service (Manila)

admin user query share networks with both security_service_id and project_id in search_opts will get wrong result

Bug #1923008 reported by haixin on 2021-04-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Shared File Systems Service (Manila)	Fix Released	Medium	haixin	OpenStack Shared File Systems Service (Manila) xena-rc1

Bug Description

Description
===========
1: when get share networks list, if specified "security_service_id" and "project_id" in search_ops, will go to
function share_network_get_all_by_security_service(), It doesn't care if the user is admin,
this will lead to Non-admin user get share networks in other project.

2: we can put "created_since", "created_before" search opts into database to Increase query speed

3: we can integrate the database query interface

Steps to reproduce
==================

A chronological list of steps which will help reproduce the issue you hit:
* in project A(id=A_id) create an share network net_A, which security_service_id is id1 belong to project A.
* in project B(id=B_id) create an share network net_B, which security_service_id is id2 belong to project B.
* then admin to query share networks list with security_service_id=id1 and project_id= B_id in
search opts.

Expected result
===============

the query resule is None

Actual result
=============

you will get net_A

See original description

haixin (haixin77) on 2021-04-08

Changed in manila:
assignee:	nobody → haixin (haixin77)
description:	updated

Vida Haririan (vhariria) on 2021-04-08

Changed in manila:
importance:	Undecided → Medium
milestone:	none → xena-1

Revision history for this message

Vida Haririan (vhariria) wrote on 2021-04-08:

Additional comments http://eavesdrop.openstack.org/meetings/manila/2021/manila.2021-04-08-15.00.log.html

Revision history for this message

haixin (haixin77) wrote on 2021-04-09:

https://review.opendev.org/c/openstack/manila/+/785573

OpenStack Infra (hudson-openstack) on 2021-06-10

Changed in manila:
status:	New → In Progress

Goutham Pacha Ravi (gouthamr) on 2021-07-08

Changed in manila:
milestone:	xena-1 → xena-2

Goutham Pacha Ravi (gouthamr) on 2021-09-10

Changed in manila:
milestone:	xena-2 → xena-rc1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-09-16: Fix merged to manila (master)

Reviewed: https://review.opendev.org/c/openstack/manila/+/785573
Committed: https://opendev.org/openstack/manila/commit/de72cd473616bf0454749d6f105a17170cc3d5ce
Submitter: "Zuul (22348)"
Branch: master

commit de72cd473616bf0454749d6f105a17170cc3d5ce
Author: haixin <email address hidden>
Date: Fri Apr 9 16:23:24 2021 +0800

Optimize the query logic for share network list

    1: As admin user, query share network list with specified
       "security_service_id" and "project_id" search opts, will
       get wrong result.
    2: put "created_since", "created_before" search opts into database to
       Increase query speed

Closes-Bug: #1923008
Change-Id: I49e412cb6c98fcda67531ff915b3b4c3edc64476

Changed in manila:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-09-17: Fix included in openstack/manila 13.0.0.0rc1

This issue was fixed in the openstack/manila 13.0.0.0rc1 release candidate.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.