yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #22592
[Bug 1267310] Re: port-list should not list the dhcp ports for normal user
The DHCP port belongs to the tenant, which is therefore entitles to see
it.
Deployers wishing to prevent that MIGHT configure policies to remove network ports from responses.
This is possible in theory, even if I would strongly advise against as this kind of settings end up making openstack applications not portable across deployments.
** Changed in: neutron
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1267310
Title:
port-list should not list the dhcp ports for normal user
Status in OpenStack Neutron (virtual network service):
Won't Fix
Bug description:
with non-admin user, I can list the dhcp port, and If I tried to
update the fixed ips of these dhcp ports, it does not reflect to
dhcpagent at all, I mean the nic device's ip in the dhcp namesapce.
So I think we should not allow normal user to view the dhcp port at the first place.
[root@controller ~]# neutron port-list
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| 1a5a2236-9b66-4b6d-953d-664fad6be3bb | | fa:16:3e:cf:52:b3 | {"subnet_id": "e38cf289-3b4b-4684-90e0-d44d2ee1cb90", "ip_address": "10.0.1.3"} |
| 381e244e-4012-4a49-83d3-f252fa4e41a1 | | fa:16:3e:cf:94:bd | {"subnet_id": "e38cf289-3b4b-4684-90e0-d44d2ee1cb90", "ip_address": "10.0.1.7"} |
| 3bba05d3-10ec-49f1-9335-1103f791584b | | fa:16:3e:fe:aa:6f | {"subnet_id": "e38cf289-3b4b-4684-90e0-d44d2ee1cb90", "ip_address": "10.0.1.6"} |
| 939d5696-0780-40c6-a626-a9a9df933553 | | fa:16:3e:c7:5b:73 | {"subnet_id": "e38cf289-3b4b-4684-90e0-d44d2ee1cb90", "ip_address": "10.0.1.4"} |
| ad89d303-9e8c-43bb-a029-b341340a92bb | | fa:16:3e:21:6d:98 | {"subnet_id": "c8e59b09-60d3-4996-8692-02334ee0e658", "ip_address": "192.168.230.3"} |
| cb350109-39d3-444c-bc33-538c22415171 | | fa:16:3e:f4:d3:e8 | {"subnet_id": "e38cf289-3b4b-4684-90e0-d44d2ee1cb90", "ip_address": "10.0.1.5"} |
| d1e79c7c-d500-475f-8e21-2c1958f0a136 | | fa:16:3e:2d:c7:a1 | {"subnet_id": "e38cf289-3b4b-4684-90e0-d44d2ee1cb90", "ip_address": "10.0.1.1"} |
| ddc076f6-16aa-4f12-9745-2ac27dd5a38a | | fa:16:3e:e0:04:44 | {"subnet_id": "e38cf289-3b4b-4684-90e0-d44d2ee1cb90", "ip_address": "10.0.1.8"} |
| f2a4df5c-e719-46cc-9bdb-bf9771a2c205 | | fa:16:3e:01:73:5e | {"subnet_id": "e38cf289-3b4b-4684-90e0-d44d2ee1cb90", "ip_address": "10.0.1.2"} |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
[root@controller ~]# neutron port-show 1a5a2236-9b66-4b6d-953d-664fad6be3bb
+-----------------------+---------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+---------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| device_id | dhcpd3377d3c-a0d1-5d71-9947-f17125c357bb-20f45603-b76a-4a89-9674-0127e39fc895 |
| device_owner | network:dhcp |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "e38cf289-3b4b-4684-90e0-d44d2ee1cb90", "ip_address": "10.0.1.3"} |
| id | 1a5a2236-9b66-4b6d-953d-664fad6be3bb |
| mac_address | fa:16:3e:cf:52:b3 |
| name | |
| network_id | 20f45603-b76a-4a89-9674-0127e39fc895 |
| security_groups | |
| status | ACTIVE |
| tenant_id | c8a625a4c71b401681e25e3ad294b255 |
+-----------------------+---------------------------------------------------------------------------------+
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1267310/+subscriptions
References
