Skip to content

server: allow admins to blacklist vm details that users should not see #3213

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
yadvr merged 1 commit into from
May 10, 2019
Merged

server: allow admins to blacklist vm details that users should not see #3213

yadvr merged 1 commit into from
May 10, 2019

Conversation

@yadvr
Copy link
Member

@yadvr yadvr commented Mar 12, 2019
edited
Loading

Problem: The listVirtualMachines API response displays sensitive information which should not be visible to any other user which is not Root Admin.
Root Cause: There are currently no restrictions in place to control what
instance settings should be visible to Root Admin only.
Solution: The issue has been fixed by refactoring the response to filter details based on a global setting and also honour the cloud.user_vm_details table’s display field. The global setting used to hide details that Root admin can set is called user.vm.blacklisted.details with the following defaults;
• memoryOvercommitRatio
• cpuOvercommitRatio
• rootdisksize
• Message.ReservedCapacityFreed.Flag

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)

@yadvr
server: allow admins to blacklist vm details that users should not see
8644616 
This introduces a new global setting `user.vm.blacklisted.details` that
allows admins to blacklist VM details that non-admin users should not
see via the VM's settings tab.

Signed-off-by: Rohit Yadav <[email protected]>
@yadvr yadvr added this to the 4.13.0.0 milestone Mar 12, 2019
@yadvr yadvr requested review from PaulAngus and nvazquez March 25, 2019 08:26
@borisstoyanov
Copy link
Contributor

borisstoyanov commented Mar 28, 2019

@blueorangutan package

@blueorangutan
Copy link

blueorangutan commented Mar 28, 2019

@borisstoyanov a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

@blueorangutan
Copy link

blueorangutan commented Mar 28, 2019

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-2656

@yadvr yadvr requested a review from borisstoyanov March 29, 2019 06:43
@yadvr yadvr changed the title server: allow admins to blacklist vm details that users should not see [WIP DO NOT MERGE] server: allow admins to blacklist vm details that users should not see Mar 29, 2019
@borisstoyanov
Copy link
Contributor

borisstoyanov commented Apr 1, 2019

@blueorangutan test

@blueorangutan
Copy link

blueorangutan commented Apr 1, 2019

@borisstoyanov a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

borisstoyanov
borisstoyanov approved these changes Apr 1, 2019
View reviewed changes
Copy link
Contributor

@borisstoyanov borisstoyanov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

nvazquez
nvazquez approved these changes Apr 1, 2019
View reviewed changes
Copy link
Contributor

@nvazquez nvazquez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code LGTM, subject to testing

@blueorangutan
Copy link

blueorangutan commented Apr 1, 2019

Trillian test result (tid-3456)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 38469 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr3213-t3456-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_privategw_acl.py
Intermittent failure detected: /marvin/tests/smoke/test_ssvm.py
Intermittent failure detected: /marvin/tests/smoke/test_vpc_redundant.py
Smoke tests completed. 70 look OK, 0 have error(s)
Only failed tests results shown below:

Test Result Time (s) Test File

This was referenced Apr 5, 2019
Merged
Closed
@DagSonsteboSB
Copy link

DagSonsteboSB commented May 9, 2019

LGTM

@yadvr yadvr changed the title [WIP DO NOT MERGE] server: allow admins to blacklist vm details that users should not see server: allow admins to blacklist vm details that users should not see May 10, 2019
@yadvr yadvr merged commit 6716047 into apache:master May 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nvazquez nvazquez nvazquez approved these changes

@borisstoyanov borisstoyanov borisstoyanov approved these changes

@PaulAngus PaulAngus Awaiting requested review from PaulAngus

Assignees

No one assigned

Labels

component:api type:enhancement

Projects

None yet

Milestone

4.13.0.0

Development

Successfully merging this pull request may close these issues.

5 participants

@yadvr @borisstoyanov @blueorangutan @DagSonsteboSB @nvazquez