[ https://issues.apache.org/jira/browse/CLOUDSTACK-2445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Abhinandan Prateek reassigned CLOUDSTACK-2445: ---------------------------------------------- Assignee: Abhinandan Prateek > NTier: AssignToLoadBalancerRuleCmd - VM's ID should not be exposed in the > Error Message to a Regular User > --------------------------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-2445 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2445 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server > Affects Versions: 4.2.0 > Reporter: Chandan Purushothama > Assignee: Abhinandan Prateek > Fix For: 4.2.0 > > > ============== > API Request Fired: > ============== > 10.223.131.202:8080/client/api?command=assignToLoadBalancerRule&id=1&virtualmachineids=&response=json&sessionkey=gcj7KxdMgWtfe7oaA5pOK1dx70c%3D&_=1368216970293 > =========== > Observations: > =========== > 2013-05-10 13:41:45,047 DEBUG [cloud.api.ApiServlet] (catalina-exec-19:null) > ===START=== 10.216.132.104 -- GET > command=assignToLoadBalancerRule&id=1&virtualmachineids=edf56c07-6afd-453d-9c13-1d57b5a81452&response=json&sessionkey=UFQCGZxnkyAYvXjJpFCjHlz2Owc%3D&_=1368218444123 > 2013-05-10 13:41:45,116 DEBUG [cloud.async.AsyncJobManagerImpl] > (catalina-exec-19:null) submit async job-26, details: AsyncJobVO {id:26, > userId: 3, accountId: 3, sessionKey: null, instanceType: None, instanceId: > null, cmd: > org.apache.cloudstack.api.command.user.loadbalancer.AssignToLoadBalancerRuleCmd, > cmdOriginator: null, cmdInfo: > {"response":"json","id":"1","sessionkey":"UFQCGZxnkyAYvXjJpFCjHlz2Owc\u003d","virtualmachineids":"edf56c07-6afd-453d-9c13-1d57b5a81452","ctxUserId":"3","httpmethod":"GET","_":"1368218444123","ctxAccountId":"3","ctxStartEventId":"113"}, > cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, > processStatus: 0, resultCode: 0, result: null, initMsid: 7508777239729, > completeMsid: null, lastUpdated: null, lastPolled: null, created: null} > 2013-05-10 13:41:45,118 DEBUG [cloud.api.ApiServlet] (catalina-exec-19:null) > ===END=== 10.216.132.104 -- GET > command=assignToLoadBalancerRule&id=1&virtualmachineids=edf56c07-6afd-453d-9c13-1d57b5a81452&response=json&sessionkey=UFQCGZxnkyAYvXjJpFCjHlz2Owc%3D&_=1368218444123 > 2013-05-10 13:41:45,119 DEBUG [cloud.async.AsyncJobManagerImpl] > (Job-Executor-22:job-26) Executing > org.apache.cloudstack.api.command.user.loadbalancer.AssignToLoadBalancerRuleCmd > for job-26 > 2013-05-10 13:41:45,126 DEBUG [cloud.async.AsyncJobManagerImpl] > (Job-Executor-22:job-26) Sync job-26 execution on object network.206 > 2013-05-10 13:41:45,133 DEBUG [cloud.async.AsyncJobManagerImpl] > (Job-Executor-22:job-26) job > org.apache.cloudstack.api.command.user.loadbalancer.AssignToLoadBalancerRuleCmd > for job-26 was queued, processing the queue. > 2013-05-10 13:41:45,138 DEBUG [cloud.async.AsyncJobManagerImpl] > (Job-Executor-22:job-26) Executing sync queue item: SyncQueueItemVO {id:10, > queueId: 10, contentType: AsyncJob, contentId: 26, lastProcessMsid: > 7508777239729, lastprocessNumber: 1, lastProcessTime: Fri May 10 13:41:45 PDT > 2013, created: Fri May 10 13:41:45 PDT 2013} > 2013-05-10 13:41:45,139 DEBUG [cloud.async.AsyncJobManagerImpl] > (Job-Executor-22:job-26) Schedule queued job-26 > 2013-05-10 13:41:45,144 DEBUG [cloud.async.SyncQueueManagerImpl] > (Job-Executor-22:job-26) There is a pending process in sync queue(id: 10) > 2013-05-10 13:41:45,145 DEBUG [cloud.async.AsyncJobManagerImpl] > (Job-Executor-23:job-26) Executing > org.apache.cloudstack.api.command.user.loadbalancer.AssignToLoadBalancerRuleCmd > for job-26 > 2013-05-10 13:41:45,169 DEBUG [cloud.user.AccountManagerImpl] > (Job-Executor-23:job-26) Access to Rule[1-LoadBalancing-Add] granted to > Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_8b074188 > 2013-05-10 13:41:45,169 DEBUG [cloud.user.AccountManagerImpl] > (Job-Executor-23:job-26) Access to VM[User|Atoms-Network2-VM-1] granted to > Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_8b074188 > 2013-05-10 13:41:45,179 ERROR [cloud.async.AsyncJobManagerImpl] > (Job-Executor-23:job-26) Unexpected exception while executing > org.apache.cloudstack.api.command.user.loadbalancer.AssignToLoadBalancerRuleCmd > com.cloud.exception.InvalidParameterValueException: VM 5 cannot be added > because it doesn't belong in the same network. > at > com.cloud.network.lb.LoadBalancingRulesManagerImpl.assignToLoadBalancer(LoadBalancingRulesManagerImpl.java:972) > at > com.cloud.utils.component.ComponentInstantiationPostProcessor$InterceptorDispatcher.intercept(ComponentInstantiationPostProcessor.java:125) > at > org.apache.cloudstack.api.command.user.loadbalancer.AssignToLoadBalancerRuleCmd.execute(AssignToLoadBalancerRuleCmd.java:100) > at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:155) > at > com.cloud.async.AsyncJobManagerImpl$1.run(AsyncJobManagerImpl.java:437) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) > at java.util.concurrent.FutureTask.run(FutureTask.java:166) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) > at java.lang.Thread.run(Thread.java:679) > 2013-05-10 13:41:45,179 DEBUG [cloud.async.AsyncJobManagerImpl] > (Job-Executor-23:job-26) Complete async job-26, jobStatus: 2, resultCode: > 530, result: Error Code: 530 Error text: VM 5 cannot be added because it > doesn't belong in the same network. > mysql> select * from vm_instance where id=5 \G > *************************** 1. row *************************** > id: 5 > name: Atoms-Network2-VM-1 > uuid: edf56c07-6afd-453d-9c13-1d57b5a81452 > instance_name: i-3-5-NTIER > state: Running > vm_template_id: 4 > guest_os_id: 112 > private_mac_address: 02:00:23:7a:00:01 > private_ip_address: 10.1.1.162 > pod_id: 1 > data_center_id: 1 > host_id: 1 > last_host_id: 1 > proxy_id: NULL > proxy_assign_time: NULL > vnc_password: viwP+/m89v57p8Ivn3Ar92aUHSgNlyDceeY1j+nPkrE= > ha_enabled: 0 > limit_cpu_use: 0 > update_count: 3 > update_time: 2013-05-10 20:40:37 > created: 2013-05-10 20:38:02 > removed: NULL > type: User > vm_type: User > account_id: 3 > domain_id: 1 > service_offering_id: 1 > reservation_id: c7931699-54ad-4bb7-849c-e47f83c4d510 > hypervisor_type: KVM > disk_offering_id: NULL > cpu: NULL > ram: NULL > owner: 3 > speed: 500 > host_name: Atoms-Network2-VM-1 > display_name: Atoms-Network2-VM-1 > desired_state: NULL > 1 row in set (0.00 sec) > mysql> select * from account where id=3 \G > *************************** 1. row *************************** > id: 3 > account_name: atoms > uuid: 58fe7cb3-af62-4c28-ad1c-324f859d4186 > type: 0 > domain_id: 1 > state: enabled > removed: NULL > cleanup_needed: 0 > network_domain: atoms.lab.vmops.com > default_zone_id: NULL > default: 0 > 1 row in set (0.00 sec) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira