yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1238293] Re: Admin for tenant can view ports belonging to other tenants upon executing quantum port-list

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Aaron Rosen <arosen@xxxxxxxxxx>
Date: Fri, 11 Oct 2013 20:06:04 -0000
Reply-to: Bug 1238293 <1238293@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Currently the admin can view all information which is what we intended.
Marking as Invalid. Feel free to file a blueprint as Eugene suggested.

** Changed in: neutron
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1238293

Title:
  Admin for tenant can view ports belonging to other tenants upon
  executing quantum port-list

Status in OpenStack Neutron (virtual network service):
  Invalid

Bug description:
  
  Currently, if we create two networks, say net1 and net2, for two different tenants, tenant1 and tenant2 respectively, and add ports to these networks, quantum port-list run by an admin user of tenant1 is able to view ports belonging to tenant2. This is not expected behavior. An admin user of tenant1 should be able to view all ports within that tenant, but not those belonging to another tenant. It looks like quantum isn't correclty using the scope and non-scope tokens that are passed to it, when retrieving port/network info from the quantum database.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1238293/+subscriptions