yahoo-eng-team team mailing list archive

[Eugene Nikanorov <enikanorov@xxxxxxxxxxxx>]

I think bug describes nothing beyond as-designed behavior of neutron.
Ports with different tenant-ids than network could exist for shared network.

I think it makes sense to close this bug.

** Changed in: neutron
     Assignee: Eugene Nikanorov (enikanorov) => (unassigned)

** Changed in: neutron
       Status: New => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1389246

Title:
  port/subnet tenant id and network tenant id could be inconsistent

Status in OpenStack Neutron (virtual network service):
  Opinion

Bug description:

  A admin user can create port to the network that he can see. But the
  port may not be in the same tenant as the network.

  I read from this link
  http://docs.openstack.org/icehouse/install-guide/install/yum/content/neutron_initial-tenant-network.html

  "The tenant owns this network because it only provides network access
  for instances within it."

  For example:
  If port is in tenant A, and network is in tenant B.

  This port can't be used by the instance within tenant B. But from the
  port's information, it is in the network. This means not all of the
  tenant network is accessible in the tenant B.

  Besides, Instance in tenant A can attach interface to that port. And
  considering that port is part of network, this is inconsistent with
  the document "only provides network access for instances within it".

  I would expect neutron do a check before creating port to see if the
  tenant of port matches the tenant of network.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1389246/+subscriptions