Juniper Openstack

neutron plugin shows all policies to all non-admin users

  1. Series r3.1
  2. Bug #1708401
Bug #1708401 reported by Michel Nederlof
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R3.1
Fix Committed
Undecided
Unassigned
R3.1.1.x
In Progress
Undecided
Unassigned
R3.2
Fix Committed
Undecided
Unassigned
Juniper Openstack r3.2.5.0
R4.0
Fix Committed
Undecided
Unassigned
Juniper Openstack r4.0.1.0 "r4.0.1.0"
Trunk
Fix Committed
Undecided
Unassigned
Juniper Openstack r4.1.0.0-fcs "r4.1"

Bug Description

When users are fetching all network policies, they see all network policies, even ones who don't belong to their tenant.

As we are using it in a public OpenStack environment, this is not something that we like.

My recommendation would be to check for the multi_tenancy option in the plugin configuration, and act accordingly (thus excluding non-tenant owned policies).

(i will push some code that resolves this issue)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.1.1.x

Review in progress for https://review.opencontrail.org/34277
Submitter: Michel Nederlof (<email address hidden>)

Michel Nederlof (mnederlof)
summary: - neutron plugin shows all policies to all users
+ neutron plugin shows all policies to all non-admin users
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.0

Review in progress for https://review.opencontrail.org/34278
Submitter: Michel Nederlof (<email address hidden>)

Michel Nederlof (mnederlof)
information type: Proprietary → Public
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.1.1.x

Review in progress for https://review.opencontrail.org/34277
Submitter: Michel Nederlof (<email address hidden>)

Michel Nederlof (mnederlof)
Changed in juniperopenstack:
status: New → Incomplete
status: Incomplete → Fix Committed
status: Fix Committed → In Progress
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.0

Review in progress for https://review.opencontrail.org/34278
Submitter: Michel Nederlof (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/34383
Submitter: Michel Nederlof (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/34383
Committed: http://github.com/Juniper/contrail-neutron-plugin/commit/b571044370d55ae97a9a7cd657be1c10afc95b58
Submitter: Zuul (<email address hidden>)
Branch: master

commit b571044370d55ae97a9a7cd657be1c10afc95b58
Author: Michel Nederlof <email address hidden>
Date: Tue Aug 8 19:36:48 2017 +0200

Only return policies from their own tenant, if not an admin.

Change-Id: Ia800bc3ab3ad73bd4496c7a335b5507fc5d804b4
Closes-bug: #1708401

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/34278
Committed: http://github.com/Juniper/contrail-neutron-plugin/commit/2f007a7d2acfb58480c9ae78f12779fa19c1f603
Submitter: Zuul (<email address hidden>)
Branch: R4.0

commit 2f007a7d2acfb58480c9ae78f12779fa19c1f603
Author: Michel Nederlof <email address hidden>
Date: Tue Aug 8 19:33:30 2017 +0200

Only return policies from their own tenant, if not an admin.

Change-Id: I29c2632c9bf1d02ffea227d3337df96d79591421
Closes-bug: #1708401

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.1

Review in progress for https://review.opencontrail.org/34397
Submitter: Michel Nederlof (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.2

Review in progress for https://review.opencontrail.org/34398
Submitter: Michel Nederlof (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/34397
Committed: http://github.com/Juniper/contrail-neutron-plugin/commit/7c73df1ec013ef6cf32e996b12112446361a556a
Submitter: Zuul (<email address hidden>)
Branch: R3.1

commit 7c73df1ec013ef6cf32e996b12112446361a556a
Author: Michel Nederlof <email address hidden>
Date: Wed Aug 9 09:03:09 2017 +0200

Only return policies from their own tenant, if not an admin.

Change-Id: I9a51aeeaff9cc29e3a46321966afe346e4c66864
Closes-bug: #1708401

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review2.opencontrail.org/34278
Committed: http://github.com/Juniper/contrail-neutron-plugin/commit/2f007a7d2acfb58480c9ae78f12779fa19c1f603
Submitter: Zuul (<email address hidden>)
Branch: R4.0

commit 2f007a7d2acfb58480c9ae78f12779fa19c1f603
Author: Michel Nederlof <email address hidden>
Date: Tue Aug 8 19:33:30 2017 +0200

Only return policies from their own tenant, if not an admin.

Change-Id: I29c2632c9bf1d02ffea227d3337df96d79591421
Closes-bug: #1708401

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/34398
Committed: http://github.com/Juniper/contrail-neutron-plugin/commit/1b4338d56358da6fc74e4660aab3e93005f65ddc
Submitter: Zuul (<email address hidden>)
Branch: R3.2

commit 1b4338d56358da6fc74e4660aab3e93005f65ddc
Author: Michel Nederlof <email address hidden>
Date: Wed Aug 9 09:03:48 2017 +0200

Only return policies from their own tenant, if not an admin.

Change-Id: I3128c05927367d4f94ab0bb60a72441c742fc4bb
Closes-bug: #1708401

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.