yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1587208] [NEW] Non admin is not able to view all ports of shared network

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sridhar Venkat <svenkat@xxxxxxxxxx>
Date: Tue, 31 May 2016 01:54:37 -0000
Reply-to: Bug 1587208 <1587208@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

If you create a shared network and create ports under say tenant_1
tenant, admin of both tenant_1 and another tenant say tenant_2 can view
the port of shared (as well as non-shared) networks.

However, if a non-admin of tenant_2 executes port-list, port(s) of
shared network is not listed.

In certain OpenStack driver environments, a port is created with a
specific IP address and any knowledge of existing ports under a specific
network (atleast shared network) is very useful and required, so that a
port cannot even be attempted to be created with an already allocated IP
address.

In the case of shared networks, all ports created under it by any tenant
should be visible to non-admins of any tenant.

The network is shared anyway, so non-admins can get access to list of
ports.

This bug is related to mitaka version and will be applicable to liberty
as well.

** Affects: neutron
     Importance: Undecided
     Assignee: Sridhar Venkat (svenkat)
         Status: In Progress


** Tags: api

** Changed in: neutron
       Status: New => In Progress

** Changed in: neutron
     Assignee: (unassigned) => Sridhar Venkat (svenkat)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1587208

Title:
  Non admin is not able to view all ports of shared network

Status in neutron:
  In Progress

Bug description:
  If you create a shared network and create ports under say tenant_1
  tenant, admin of both tenant_1 and another tenant say tenant_2 can
  view the port of shared (as well as non-shared) networks.

  However, if a non-admin of tenant_2 executes port-list, port(s) of
  shared network is not listed.

  In certain OpenStack driver environments, a port is created with a
  specific IP address and any knowledge of existing ports under a
  specific network (atleast shared network) is very useful and required,
  so that a port cannot even be attempted to be created with an already
  allocated IP address.

  In the case of shared networks, all ports created under it by any
  tenant should be visible to non-admins of any tenant.

  The network is shared anyway, so non-admins can get access to list of
  ports.

  This bug is related to mitaka version and will be applicable to
  liberty as well.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1587208/+subscriptions

Follow ups

[Bug 1587208] Re: Non admin is not able to view all ports of shared network
From: Sridhar Venkat, 2016-08-20