non-admin user cannot see external address associated with router

Bug #1189358 reported by Gavin B
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
Triaged
Wishlist
Jaume Devesa

Bug Description

VMs on a private network can access the outside world via their gateway - which has an associated port and floating ip address. However there appears to be no means - short of looking from the outside at the source address - to find out what that floating ip address is for a normal user (as admin this is possible).

This gateway info should be available to a user e.g. to permit another tenant to set up security groups.
Expose the info via quantum router-port-list ?

Tags: l3-ipam-dhcp
tags: added: l3-ipam-dhcp
Changed in neutron:
importance: Undecided → Wishlist
status: New → Triaged
Jaume Devesa (devvesa)
Changed in neutron:
assignee: nobody → Jaume Devesa (devvesa)
Revision history for this message
Jaume Devesa (devvesa) wrote :

Once you have associated a floatingip to a VM port, you see the following as an admin user:

neutron router-port-list ff4007c0-06c6-4623-8eda-6b460016e4d2 -c id -c fixed_ips
+--------------------------------------+--------------------------------------------------------------------------------------+
| id | fixed_ips |
+--------------------------------------+--------------------------------------------------------------------------------------+
| 31312ea2-39c2-4126-af8f-8a5e1ac5e4d8 | {"subnet_id": "e8805f8c-eb5f-4b6d-9592-c0287bfe42eb", "ip_address": "192.168.0.225"} |
| cc0547f9-c031-4222-a76f-cfac3f6f2143 | {"subnet_id": "571b1eb2-f3aa-4e7e-9bfe-25d6c275ca10", "ip_address": "10.0.0.1"} |
+--------------------------------------+--------------------------------------------------------------------------------------+

and the following as a 'standard' user:

+--------------------------------------+---------------------------------------------------------------------------------+
| id | fixed_ips |
+--------------------------------------+---------------------------------------------------------------------------------+
| cc0547f9-c031-4222-a76f-cfac3f6f2143 | {"subnet_id": "571b1eb2-f3aa-4e7e-9bfe-25d6c275ca10", "ip_address": "10.0.0.1"} |
+--------------------------------------+---------------------------------------------------------------------------------+

So you mean to return the first response even if you are a standard user? Just to clarify

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.