[openstack-dev] [nova] Adding hostId to metadata

Michael Glasgow michael.glasgow at oracle.com
Wed Jun 27 16:35:24 UTC 2018


On 06/27/18 11:20, Matt Riedemann wrote:
> To be clear, this is exposing the exact same hashed host+project_id 
> value via the metadata API that you can already get, as a non-admin 
> user, from the compute REST API:
> 
> https://github.com/openstack/nova/blob/c8b93fa2493dce82ef4c0b1e7a503ba9b81c2e86/nova/api/openstack/compute/views/servers.py#L135 
> 
> So I don't think it's a security issue at all.

I'm not sure I understand this rationale.  Strictly speaking, I would 
think that in order for this to be true, the set of authenticated 
control plane users would have to always include the set of users who 
can read the metadata from a guest.  Which I'm pretty sure is not true 
in the general case.

Am I missing something?

-- 
Michael Glasgow


