
yahoo-eng-team team mailing list archive

[Bug 1996421] [NEW] 'openstack port list' should display ports only from current project

 

Public bug reported:

When a network is shared between multiple projects, "openstack port
list" command shows ports from all projects which have access to that
network. This is a problem because each port actually has a “project_id”
property, and the port cannot be used for any instance outside of that
project. When a user attempts to start an instance with a port from a
different project, it fails like this: nova.exception.PortNotUsable

Steps to reproduce in horizon :-
===============================

1. create network and share network between 2 projects
2. from Project A, manually create a port “Test Port” on the network
   note that the port will have the project_id for Project A
3. from Project B, open the Launch Instance workflow and navigate to
   “Network Ports”
4. At this point, you will see “Test Port” in the list. If you use it
   for the instance from Project B, the instance will fail

Currently, a user can use --project-id="xxxx" as an option to the "openstack
port list" command to get the desired result. But this needs to be taken care
of at every neutron client, e.g. nova or manila or openstackclient or horizon.

Instead, if we modify neutron itself to return only ports belonging to
current project in 'openstack port show' command response (without
specifying --project-id) (at least for non-admin users), it would be
a good improvement.

** Affects: neutron
     Importance: Undecided
         Status: New

** Description changed:

  When a network is shared between multiple projects, "openstack port
  list" command shows ports from all projects which have access to that
  network. This is a problem because each port actually has a “project_id“
  property, and the port cannot be used for any instance outside of that
  project. When a user attempts to start an instance with a port from a
  different project, it fails like this: nova.exception.PortNotUsable
  
- 
- Steps to reproduce :-
- ==================
+ Steps to reproduce in horizon :-
+ ===============================
  
  1. create network and share network between 2 projects
  2. from Project A, manually create a port “Test Port“ on the network
-    note that the port will have the project_id for Project A
- 3. from Project B, open the Launch Instance workflow
-    navigate to “Network Ports”
- 4. At this point, you will see “Test Port” in the list. If you use it for the instance from Project 
-    B, the instance will fail
+    note that the port will have the project_id for Project A
+ 3. from Project B, open the Launch Instance workflow navigate to
+    “Network Ports”
+ 4. At this point, you will see “Test Port” in the list. If you use it
+    for the instance from Project B, the instance will fail
  
  Currently, User can use --project-id="xxxx" as option to "openstack port
  list" command to get desired result. But this needs to be taken care at
  every neutron client e.g. nova or manila or openstackclient or horizon.
  
  Instead, ff we modify neutron itself to return only ports belonging to
  current project in 'openstack port show' command response (without
  specifying --project-id) (at least for non-admin users), it would be
  good improvement.

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1996421
