User not authorized to perform USE in reservation VNETs only

hsanjuan · October 1, 2015, 1:09pm

Hi, I am running OpenNebula 4.12.

I have a group of users “bots” (id 102).

Bots have an ACL that allows them to USE VirtualNetworks:

13 @102 VHNI-T-DC---- * u--- *

This works for regular virtual networks, they can run vn.info!() (using the Ruby OCA) and they get the VN information. However, when doing exactly the same with VirtualNetworks of type “Reservation”, I get

[VirtualNetworkInfo] User [8] : Not authorized to perform USE NET [7].

Am I missing something or might this be a bug? I’ve searched around without luck…

If I add a specific ACL specifing the ID of the VNET (7) instead of ALL, then it works :S

Thanks in advance…

hsanjuan · October 13, 2015, 12:59pm

shameless bump

ruben · October 13, 2015, 1:43pm

Hi

VNET reservations also includes an implicit ACL to by pass the ALL and cluster rules. This was introduced as a security requirement. For example, to not see reservation made by other users. Changes were made here:

http://dev.opennebula.org/projects/opennebula/repository/revisions/acf5052009a045756e9b05d4331d1bc933f9fe53

I checked the docs, but could not see any references I’ll fill a ticket for this.

So in summary, this is the expected behavior.

Topic		Replies	Views
SDN and network traffic Community Support	0	284	October 8, 2019
Virtual Networking Community Support	4	744	September 4, 2016
[SOLVED] OpenNebula 5.4.0 is not able to find MAC/IP lease from VNET Community Support	3	1957	September 20, 2017
OpenvSwitch (IP Hijacking): restriction by virtual network Community Support	4	1835	April 2, 2015
No VN_MAD in template (when reserve ip) Community Support	3	803	May 4, 2018

User not authorized to perform USE in reservation VNETs only

Related Topics