The issue is that the contrail plugin would allow port creation on a tenant different from the context tenant, even if the user is not admin.
Stock devstack doesn’t allow adding a router port belonging to a shared VN unless the user is admin. This check is missing in the contrail plugin.
Neutron code (in db/db_base_plugin_v2.py) has an API to validate such cases: _get_tenant_id_for_create. This function is called from many create methods for validation.
This bug is not yet fixed in R1.10/master.
The issue is that the contrail plugin would allow port creation on a tenant different from the context tenant, even if the user is not admin.
Stock devstack doesn’t allow adding a router port belonging to a shared VN unless the user is admin. This check is missing in the contrail plugin.
Neutron code (in db/db_base_plugin_v2.py) has an API to validate such cases: _get_tenant_id_for_create. This function is called from many create methods for validation.
I made a change to bring this to contrail plugin.
https://review.opencontrail.org/#/c/2036/
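
The tenant check described in this report, as an added example (not the contrail plugin's code and not the change under review). The check is modeled on Neutron's _get_tenant_id_for_create; Context, AdminRequired, create_port and try_create are stand-ins constructed here, and the tenant names are sample values.

```python
from dataclasses import dataclass


class AdminRequired(Exception):
    """Stand-in for the exception raised when a non-admin oversteps."""


@dataclass
class Context:
    """Stand-in request context: the caller's tenant and admin flag."""
    tenant_id: str
    is_admin: bool = False


def get_tenant_id_for_create(context, resource):
    """Return the tenant that will own the new resource, or refuse."""
    if context.is_admin and "tenant_id" in resource:
        # Admins may create resources on behalf of any tenant.
        return resource["tenant_id"]
    if "tenant_id" in resource and resource["tenant_id"] != context.tenant_id:
        # Non-admin naming a foreign tenant: the case the report describes.
        raise AdminRequired("Cannot create resource for another tenant")
    # No tenant given, or the caller's own: default to the context tenant.
    return context.tenant_id


def create_port(context, port):
    """Hypothetical create method: validate ownership before storing."""
    owner = get_tenant_id_for_create(context, port)
    return dict(port, tenant_id=owner)


def try_create(context, port):
    """Return the owning tenant on success, or 'denied' on refusal."""
    try:
        return create_port(context, port)["tenant_id"]
    except AdminRequired:
        return "denied"


if __name__ == "__main__":
    user = Context(tenant_id="tenant-a")
    admin = Context(tenant_id="admin-tenant", is_admin=True)
    # Constructed sample requests.
    print(try_create(user, {"name": "p1"}))
    print(try_create(user, {"name": "p2", "tenant_id": "tenant-b"}))
    print(try_create(admin, {"name": "p3", "tenant_id": "tenant-b"}))
```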