yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #49058
[Bug 1566656] [NEW] neutron purge operation should not delete dhcp port
Public bug reported:
Now neutronclient can use purge to delete tenant resources. It will
check whether the resource is used by other tenants. I found the purge
will delete the dhcp port and it just check this resource's tenant_id is
the specified one. This will cause an issue like:
There are 2 tenant A and B , there is an admin user in both of them.
1. In tenant A, I create an network, but no subnet. It won't allocate a dhcp port now.
2. Now I change to tenant B, as user in tenant B is admin role, I will see the network which created by tenant A user. So I create a subnet towards the network, and it will create a dhcp port which owned by tenant A(as dhcp port creation is based on network tenant). Then tenant B user can add interface/ create vm port in this subnet.
3. another tenant C with admin user exec neutron purge tenant A_id, it will check the tenant A's resource in system, it will not delete the network, but delete the dhcp port. And dhcp port will be created later, its owner is still tenant A.
if it can verify the network can not delete, we should not delete dhcp
port, it will cause during the recreate dhcp port, new port creation can
not get the ip addr. And it will be recreated in the end, this view is
meaningless and risky.
** Affects: neutron
Importance: Undecided
Assignee: zhaobo (zhaobo6)
Status: New
** Changed in: neutron
Assignee: (unassigned) => zhaobo (zhaobo6)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1566656
Title:
neutron purge operation should not delete dhcp port
Status in neutron:
New
Bug description:
Now neutronclient can use purge to delete tenant resources. It will
check whether the resource is used by other tenants. I found the purge
will delete the dhcp port and it just check this resource's tenant_id
is the specified one. This will cause an issue like:
There are 2 tenant A and B , there is an admin user in both of them.
1. In tenant A, I create an network, but no subnet. It won't allocate a dhcp port now.
2. Now I change to tenant B, as user in tenant B is admin role, I will see the network which created by tenant A user. So I create a subnet towards the network, and it will create a dhcp port which owned by tenant A(as dhcp port creation is based on network tenant). Then tenant B user can add interface/ create vm port in this subnet.
3. another tenant C with admin user exec neutron purge tenant A_id, it will check the tenant A's resource in system, it will not delete the network, but delete the dhcp port. And dhcp port will be created later, its owner is still tenant A.
if it can verify the network can not delete, we should not delete
dhcp port, it will cause during the recreate dhcp port, new port
creation can not get the ip addr. And it will be recreated in the
end, this view is meaningless and risky.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1566656/+subscriptions
Follow ups
