some plugins don't check tenant ownership
Bug #942713 reported by
dan wendlandt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Critical
|
dan wendlandt | ||
quantum (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Several plugins, particularly those using the Mysql code to store networks and ports, do not properly check that a network or port is owned by a particular tenant when processing calls to get/update/delete ports + networks.
It was thought that this was not a big deal b/c the quantum API was not yet exposed to tenants anyway (only to Nova's QuantumManager) but it turns out that this confuses the "validate_networks" method in QuantumManager, which is used to validate the set of networks passed in using the os-create-
Changed in nova: | |
status: | New → In Progress |
affects: | nova → quantum |
Changed in quantum: | |
importance: | Undecided → Critical |
assignee: | nobody → dan wendlandt (danwent) |
milestone: | none → essex-4 |
Changed in quantum: | |
status: | Fix Committed → Fix Released |
Changed in quantum: | |
milestone: | essex-4 → 2012.1 |
Changed in quantum (Ubuntu): | |
status: | New → Fix Released |
To post a comment you must log in.
The related bug in nova is #942527. Oddly, I was working on this patch already, but the Nova bug demonstrates that the bug is higher priority than we previously thought.