GET requests on neutron API do not take into account the tenant specified in the token
Bug #1316122 reported by
Matthieu Maquevice
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Expired
|
Undecided
|
Unassigned |
Bug Description
Hey,
GET requests on Neutron API (/networks, /floatingips...) return a perimeter of data with multiple tenants, even if the token used in the request specified a tenant id. Is it the normal behavior ? If so, how can we limit our scope to our tenant ?
Thanks !
Changed in neutron: | |
status: | New → Incomplete |
To post a comment you must log in.
Neutron list operations in non-admin context always return only resources owned by the tenant which submits the request (the one the token belongs to). Are you observing a tenant being able to see other tenants' resources?
Only administrators have global visibility. To scope visibility to a single tenant when submitting a list request in admin context, you can use the tenant_id query parameter (--tenant_id on the CLI).
I am not sure what "perimeter of data" refers to. I've assumed it refers to the whole list of returned data.