Don't show host info to non-admins

While getting volume details, if the user is a non-admin then hide the host name. Change-Id: Iaf0ac52d9227f9a0efbf32b1faca78c8456a84ca Closes-Bug: #1740950
2020-05-11 08:21:09 +00:00 · 2020-05-11 08:21:09 +00:00 · 9d5c340130
commit 9d5c340130
parent beb96cd710
2 changed files with 32 additions and 2 deletions
--- a/cinder/api/v2/views/volumes.py
+++ b/cinder/api/v2/views/volumes.py
@ -91,7 +91,11 @@ class ViewBuilder(common.ViewBuilder):
                'multiattach': volume.get('multiattach'),
            }
        }
-        if request.environ['cinder.context'].is_admin:
+        ctxt = request.environ['cinder.context']
+        if not ctxt.is_admin:
+            if volume_ref.get('attachments'):
+                volume_ref['volume']['attachments']['host_name'] = None
+        if ctxt.is_admin:
            volume_ref['volume']['migration_status'] = (
                volume.get('migration_status'))

@ -100,7 +104,6 @@ class ViewBuilder(common.ViewBuilder):
        group_id = volume.get('group_id')
        if group_id is not None:
            # Not found exception will be handled at the wsgi level
-            ctxt = request.environ['cinder.context']
            grp = group_api.API().get(ctxt, group_id)
            cgsnap_type = group_types.get_default_cgsnapshot_type()
            if grp.group_type_id == cgsnap_type['id']:
--- a/releasenotes/notes/fix-host-info-in-volume-details-1759280bd236421e.yaml
+++ b/releasenotes/notes/fix-host-info-in-volume-details-1759280bd236421e.yaml
@ -0,0 +1,27 @@
+---
+upgrade:
+  - |
+    Due to the fix for `Bug #1740950
+    <https://bugs.launchpad.net/cinder/+bug/1740950>`_, the
+    ``host_name`` field in any object in the ``attachments``
+    array of the volume detail response is populated only when
+    the call is made in an administrative context.  Otherwise,
+    its value is the JSON ``null`` value.  This is consistent with
+    prior API behavior, as it has always been possible for the
+    value of that field to be ``null``.
+security:
+  - |
+    It was possible under certain circumstances for the host name
+    of an instance to be leaked in the volume detail response.  This
+    has been fixed in the current release.  The ``host_name`` field
+    in any object in the ``attachments`` array of the volume
+    detail response is populated only when the call is made in an
+    administrative context.  Otherwise, its value is the JSON ``null``
+    value.
+fixes:
+  - |
+    `Bug #1740950 <https://bugs.launchpad.net/cinder/+bug/1740950>`_:
+    the ``host_name`` field in any object in the ``attachments`` array
+    of the volume detail response is populated only when the call is
+    made in an administrative context.  Otherwise, its value is the
+    JSON ``null`` value.