yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1771781] [NEW] Quota does not check invalid tenant_id

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Yang Youseok <1771781@xxxxxxxxxxxxxxxxxx>
Date: Thu, 17 May 2018 09:21:52 -0000
Reply-to: Bug 1771781 <1771781@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Currently, neutron quota API accept invalid tenant_id value without
validation. Even user can add arbitrary quota entry which is not existed
because by default quota engine create new entry if the queried entry is
not found.

This bug is also found across the other openstack projects (nova, trove
..) using similar quota logic, and nova side there was commit to fix it
(https://review.openstack.org/#/c/435010/). I found neutron did not have
any similar approach, so It worth to talk about the solution. (which
access to keystone API in the middle of quota API).

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1771781

Title:
  Quota does not check invalid tenant_id

Status in neutron:
  New

Bug description:
  Currently, neutron quota API accept invalid tenant_id value without
  validation. Even user can add arbitrary quota entry which is not
  existed because by default quota engine create new entry if the
  queried entry is not found.

  This bug is also found across the other openstack projects (nova,
  trove ..) using similar quota logic, and nova side there was commit to
  fix it (https://review.openstack.org/#/c/435010/). I found neutron did
  not have any similar approach, so It worth to talk about the solution.
  (which access to keystone API in the middle of quota API).

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1771781/+subscriptions