yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1374398] Re: Non admin user can update router port

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Salvatore Orlando <1374398@xxxxxxxxxxxxxxxxxx>
Date: Mon, 29 Sep 2014 20:41:45 -0000
Reply-to: Bug 1374398 <1374398@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I am tempted to mark it as invalid rather than won't fix - however it
would be a possible bug if the router interface was added by an admin
user, in which case I think the router port belongs to the admin rather
than the tenant.

Even in that case however, we'll have to discuss whether it's ok for an
admin to create the router port on behalf of the tenant and assign it to
the tenant itself.

The behaviour reported in this bug report depicts a tenant which messes up its own network configuration.
If a deployers wants to prevents scenarios like this, he should be able to add a policy where non-admin updates to port for which device_owner=network:router_interface


** Changed in: neutron
       Status: Won't Fix => Invalid

** Changed in: neutron
       Status: Invalid => Incomplete

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1374398

Title:
  Non admin user can update router port

Status in OpenStack Neutron (virtual network service):
  Incomplete

Bug description:
  Non admin user can update router's port http://paste.openstack.org/show/115575/.
  This can caused problems as server's won't get information about this change until next DHCP request so connectivity to and from this network will be lost.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1374398/+subscriptions

References

[Bug 1374398] [NEW] Non admin user can update router port
From: Ann Kamyshnikova, 2014-09-26