GET requests on neutron API do not take into account the tenant specified in the token
Bug #1316122 reported by
Matthieu Maquevice
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| neutron |
Expired
|
Undecided
|
Unassigned | ||
Bug Description
Hey,
GET requests on Neutron API (/networks, /floatingips...) return a perimeter of data with multiple tenants, even if the token used in the request specified a tenant id. Is it the normal behavior ? If so, how can we limit our scope to our tenant ?
Thanks !
Revision history for this message
| Salvatore Orlando (salvatore-orlando) wrote | #1 |
| Changed in neutron: | |
| status: | New → Incomplete |
Revision history for this message
| Hao Wang (soccerhaotian) wrote | #2 |
| Changed in neutron: | |
| status: | Incomplete → Confirmed |
| assignee: | nobody → Howard (hao-1-wang) |
Revision history for this message
| Cedric Brandily (cbrandily) wrote | #3 |
| Changed in neutron: | |
| assignee: | Howard (hao-1-wang) → nobody |
| status: | Confirmed → Incomplete |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #4 |
| Changed in neutron: | |
| status: | Incomplete → Expired |
To post a comment you must log in.
Neutron list operations in non-admin context always return only resources owned by the tenant which submits the request (the one the token belongs to). Are you observing a tenant being able to see other tenants' resources?
Only administrators have global visibility. To scope visibility to a single tenant when submitting a list request in admin context, you can use the tenant_id query parameter (--tenant_id on the CLI).
I am not sure what "perimeter of data" refers to. I've assumed it refers to the whole list of returned data.