Comment 5 for bug 1332471

This bug is not yet fixed in R1.10/master.

The issue is contrail plugin would allow port creation on a tenant (different from context tenant even if user is not admin).

Stock devstack doesn’t allow adding a router port belonging to a shared VN unless user is admin. This check is missing in contrail plugin.

Neutron code(in db/db_base_plugin_v2.py) has API to validate such cases. _get_tenant_id_for_create. This function is called fro many create method for validation.

I made a change to bring this to contrail plugin.

https://review.opencontrail.org/#/c/2036/