Pod compose view allows selecting any visible resource pool
Bug #1811658 reported by
Björn Tillenius
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
MAAS | Status tracked in 3.6 | |||||
3.4 |
Won't Fix
|
Medium
|
Unassigned | |||
3.5 |
Won't Fix
|
Medium
|
Unassigned | |||
3.6 |
Triaged
|
Medium
|
Unassigned |
Bug Description
This is with MAAS 2.5.1-7489-
I have a MAAS deployment with a virsh Pod registered. I have a user which has
Admin on the resource pool the pod belongs to, and the User role on another pool.
If I go and compose a new machine in the pod, I can select the resource pool
where the user only has the User role.
This shouldn't be possible, since it's effectively moving a machine from one
pool to the other, and Users don't have permission to do so.
tags: | added: rbac |
Changed in maas: | |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | none → 2.5.1 |
Changed in maas: | |
milestone: | 2.5.1 → 2.5.2 |
Changed in maas: | |
milestone: | 2.5.2 → 2.5.3 |
Changed in maas: | |
milestone: | 2.5.3 → 2.6.0beta2 |
Changed in maas: | |
milestone: | 2.6.0beta2 → 2.6.0rc1 |
Changed in maas: | |
milestone: | 2.6.0rc1 → 2.6.0rc2 |
Changed in maas: | |
milestone: | 2.6.0rc2 → 2.7.0alpha1 |
Changed in maas: | |
milestone: | 2.7.0b1 → 2.7.0b2 |
Changed in maas: | |
milestone: | 2.7.0b2 → none |
summary: |
- [2.5, RBAC] Pod compose view allows selecting any visible resource pool + Pod compose view allows selecting any visible resource pool |
Changed in maas: | |
milestone: | 3.4.0 → 3.4.x |
Changed in maas: | |
milestone: | 3.4.x → 3.5.x |
To post a comment you must log in.
Needs to be addressed together with other RBAC issues, by introducing a layer that handles permissions consistently.