On 06/27/2018 12:20 PM, Matt Riedemann wrote:
On 6/27/2018 10:13 AM, Jay Pipes wrote:
I'm -2'd the patch in question because of these concerns about
crossing the line between administrative and guest/virtual domains. It
may seem like a very trivial patch, but from what I can tell, it would
be a very big departure from the types of information we have
traditionally allowed in the metadata API.
To be clear, this is exposing the exact same hashed host+project_id
value via the metadata API that you can already get, as a non-admin
user, from the compute REST API:
https://github.com/openstack/nova/blob/c8b93fa2493dce82ef4c0b1e7a503ba9b81c2e86/nova/api/openstack/compute/views/servers.py#L135
So I don't think it's a security issue at all.
My sincere apologies. I did not realize that the hostId was not, in
fact, the host identifier, but rather a SHA-224 hash of the host and
project_id.
The one thing I would be a bit worried about is that the value would be
stale from the config drive if the instance is live migrated. We also
expose the availability zone the instance is in from the config drive,
but as far as I know you can't live migrate your way into another
availability zone (unless of course the admin force live migrates to
another host in another AZ and bypasses the scheduler).
OK, I'll remove my -2. Apologies!
-jay
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
