Skip to content

destroy: only delete OpenStack objects belonging to the project

Jonas Schäfer requested to merge feature/safe-port-deletion into devel

Version Control Information

Source branch: feature/safe-port-deletion
Target branch: devel

Commits:

* destroy: only delete OpenStack objects belonging to the project

This filter should normally not be necessary, because the credentials
are normally scoped to a project. However, at least Neutron will list
*all* resources from *all* projects if the *user* has sufficient
privileges for that, no matter the project scoping of their token.

This has caused absolute chaos with C&H's Kubernetes customers when a
DevOps person accidentally had the admin role in their project and they
deleted their cluster.

Description

Feel free to add further information about your MR in this section

Closes: #


Merge Prerequisites

  • MR title (and description) are descriptive
  • Code is readable and syntactically correct
  • Code is understandable
  • Documentation has been updated, if necessary
  • Commit messages look good
  • Release note file added in latest commit

As a developer: please do not tick these boxes yourself. As a reviewer: please get yourself a hot cold beverage.

Merge request reports

Loading