yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1538767] [NEW] Users cannot create extra-routes with nexthop on ext-net

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Cedric Brandily <1538767@xxxxxxxxxxxxxxxxxx>
Date: Wed, 27 Jan 2016 22:01:01 -0000
Reply-to: Bug 1538767 <1538767@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Non-admin users cannot create extra-routes on a router with a nexthop on
ext-net subnet:

  # With admin user
  neutron net-create pub --router-:external
  neutron subnet-create pub 192.168.0.0/16

  # With non-admin user
  neutron router-create router
  neutron router-gateway-set router pub
  neutron router-update router --routes nexthop=192.168.0.99,destination=10.10.10.0/24
  >> Invalid format for routes: [{u'destination': u'10.10.10.0/24', u'nexthop': u'192.168.0.99'}], the nexthop is not connected with router

But it succeeds with an admin user.

nexthop validation gets all ports connected to the router to check if
nexthop is on a subnet connected to the router BUT non-admin users are
only allowed to get internal ports!

** Affects: neutron
     Importance: Undecided
     Assignee: Cedric Brandily (cbrandily)
         Status: New


** Tags: l3-ipam-dhcp

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1538767

Title:
  Users cannot create extra-routes with nexthop on ext-net

Status in neutron:
  New

Bug description:
  Non-admin users cannot create extra-routes on a router with a nexthop
  on ext-net subnet:

    # With admin user
    neutron net-create pub --router-:external
    neutron subnet-create pub 192.168.0.0/16

    # With non-admin user
    neutron router-create router
    neutron router-gateway-set router pub
    neutron router-update router --routes nexthop=192.168.0.99,destination=10.10.10.0/24
    >> Invalid format for routes: [{u'destination': u'10.10.10.0/24', u'nexthop': u'192.168.0.99'}], the nexthop is not connected with router

  But it succeeds with an admin user.

  nexthop validation gets all ports connected to the router to check if
  nexthop is on a subnet connected to the router BUT non-admin users are
  only allowed to get internal ports!

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1538767/+subscriptions

Follow ups

[Bug 1538767] Re: Users cannot create extra-routes with nexthop on ext-net
From: Dariusz Smigiel, 2016-03-03
[Bug 1538767] Re: Users cannot create extra-routes with nexthop on ext-net
From: Dariusz Smigiel, 2016-03-03
[Bug 1538767] Re: Users cannot create extra-routes with nexthop on ext-net
From: OpenStack Infra, 2016-02-29