[ https://issues.apache.org/jira/browse/CLOUDSTACK-5152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13839288#comment-13839288 ]
ASF subversion and git services commented on CLOUDSTACK-5152: ------------------------------------------------------------- Commit f1973340d30042ae39c7465adfbc5a9537b3e3fa in branch refs/heads/master from [~alena1108] [ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=f197334 ] CLOUDSTACK-5152: when deployVm with SG, verify that vm and sg belong to the same account. Do this verification even when the call is done by the ROOT admin Conflicts: server/src/com/cloud/user/AccountManagerImpl.java > Basic Zone - Security group belonging to a project can be used to deploy VM > outside the project (in same account, and also in different account) > ------------------------------------------------------------------------------------------------------------------------------------------------ > > Key: CLOUDSTACK-5152 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5152 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Network Controller > Affects Versions: 4.3.0 > Reporter: Gaurav Aradhye > Assignee: Alena Prokharchyk > Priority: Critical > Fix For: 4.3.0 > > > In basic zone, > Create an account and a project in that account. > Create a security group which belongs to this project. > Try to deploy VM using this security group outside the project. > Creation of VM is successful and if you list the virtual machines, in > response it will show the security group in the sec groups list and it will > show the account of security group as the account in which you have deployed > the instance (instead it should list the project to which security group > belongs) > This is an issue, security group belonging to a project should not be allowed > to be used outside the project. -- This message was sent by Atlassian JIRA (v6.1#6144)