EC2 metadata service doesn't account for request forwarding when using neutron metadata-proxy
Bug #1284741 reported by
Phil Day
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Won't Fix
|
Low
|
Unassigned | ||
ec2-api |
Confirmed
|
Low
|
Unassigned |
Bug Description
When an EC2 metadata request is received via the neutron metadata proxy Nova assumes that the X-Forwarded-For item in teh header is the address of the instance:
https:/
In fact depending on the network path this could be a comma separated list of of addresses, only the first element of which is the address of the instance.
The correct handling should be something like:
remote_address = req.headers.
tags: | added: ec2 |
Changed in nova: | |
status: | New → Confirmed |
importance: | Undecided → Low |
tags: | added: low |
tags: |
added: low-hanging-fruit removed: low |
Changed in nova: | |
assignee: | nobody → Chaitanya Challa (cvskchaitanya) |
Changed in nova: | |
assignee: | Chaitanya Challa (cvskchaitanya) → nobody |
Changed in nova: | |
assignee: | nobody → Chaitanya Challa (cchalla) |
Changed in nova: | |
status: | In Progress → New |
assignee: | Chaitanya Challa (cchalla) → nobody |
Changed in nova: | |
status: | New → Confirmed |
Changed in nova: | |
assignee: | nobody → Nobuteru Nishida (nobuteru-nishida) |
Changed in ec2-api: | |
importance: | Undecided → Low |
status: | New → Confirmed |
Changed in nova: | |
assignee: | Nobuteru Nishida (nobuteru-nishida) → nobody |
status: | In Progress → Confirmed |
Changed in nova: | |
status: | Confirmed → Won't Fix |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/133400
Review: https:/