Users cannot create extra-routes with nexthop on ext-net
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Medium
|
Cedric Brandily | ||
openstack-api-site |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Non-admin users cannot create extra-routes on a router with a nexthop on ext-net subnet:
# With admin user
neutron net-create pub --router-:external
neutron subnet-create pub 192.168.0.0/16
# With non-admin user
neutron router-create router
neutron router-gateway-set router pub
neutron router-update router --routes nexthop=
>> Invalid format for routes: [{u'destination': u'10.10.10.0/24', u'nexthop': u'192.168.0.99'}], the nexthop is not connected with router
But it succeeds with an admin user.
nexthop validation gets all ports connected to the router to check if nexthop is on a subnet connected to the router BUT non-admin users are only allowed to get internal ports!
Changed in neutron: | |
importance: | Undecided → Medium |
Changed in neutron: | |
milestone: | none → mitaka-3 |
Changed in openstack-api-site: | |
status: | New → Invalid |
status: | Invalid → New |
Changed in openstack-api-site: | |
status: | New → Invalid |
Fix proposed to branch: master /review. openstack. org/273278
Review: https:/