OpenStack Compute (nova)

  1. Bug #1194093
  2. Comment #1

Comment 1 for bug 1194093

Revision history for this message
Russell Bryant (russellb) wrote : Re: Other tenants can access my private flavor.

I just reproduced this.

I created a non-public flavor as an admin:

    $ . openrc admin
    $ nova flavor-create test2 8 512 4 2 --is-public False

I switched to the regular user and could still see the flavor and start an instance with it. It was not included in "nova flavor-list".

$ . openrc
$ nova flavor-show 8
+----------------------------+-------+
| Property | Value |
 +----------------------------+-------+
| name | test2 |
| ram | 512 |
| OS-FLV-DISABLED:disabled | False |
| vcpus | 2 |
| extra_specs | {} |
| swap | |
| os-flavor-access:is_public | False |
| rxtx_factor | 1.0 |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 4 |
| id | 8 |
 +----------------------------+-------+
[rbryant@devstack devstack]$ nova flavor-show 7
+----------------------------+-------+
| Property | Value |
 +----------------------------+-------+
| name | test1 |
| ram | 512 |
| OS-FLV-DISABLED:disabled | False |
| vcpus | 2 |
| extra_specs | {} |
| swap | |
| os-flavor-access:is_public | True |
| rxtx_factor | 1.0 |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 4 |
| id | 7 |
 +----------------------------+-------+
[rbryant@devstack devstack]$ nova boot --flavor 8 --image e1f736ac-edc3-47b3-864c-2bef7cb08a6b test
+-------------------------------------+--------------------------------------+
| Property | Value |
 +-------------------------------------+--------------------------------------+
| OS-EXT-STS:task_state | scheduling |
| image | cirros-0.3.1-x86_64-uec |
| OS-EXT-STS:vm_state | building |
| OS-EXT-SRV-ATTR:instance_name | instance-00000003 |
| OS-SRV-USG:launched_at | None |
| flavor | test2 |
| id | 66c6c9df-b754-4e4d-8d2b-4062f68865c9 |
| security_groups | [{u'name': u'default'}] |
| user_id | d188cab557114a0ea336b5d3a0c15288 |
| OS-DCF:diskConfig | MANUAL |
| accessIPv4 | |
| accessIPv6 | |
| progress | 0 |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-AZ:availability_zone | nova |
| config_drive | |
| status | BUILD |
| updated | 2013-06-27T19:52:06Z |
| hostId | |
| OS-EXT-SRV-ATTR:host | None |
| OS-SRV-USG:terminated_at | None |
| key_name | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| name | test |
| adminPass | fc9fVAjU4tjw |
| tenant_id | d8b38c9432e94aaea4b75153cc5f0f46 |
| created | 2013-06-27T19:52:06Z |
| metadata | {} |
 +-------------------------------------+--------------------------------------+