non-admin user cannot see external address associated with router
Bug #1189358 reported by
Gavin B
This bug report is a duplicate of:
Bug #1255142: unable to get router's external IP when non admin (blocker for VPNaaS).
Edit
Remove
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Triaged
|
Wishlist
|
Jaume Devesa |
Bug Description
VMs on a private network can access the outside world via their gateway - which has an associated port and floating ip address. However there appears to be no means - short of looking from the outside at the source address - to find out what that floating ip address is for a normal user (as admin this is possible).
This gateway info should be available to a user e.g. to permit another tenant to set up security groups.
Expose the info via quantum router-port-list ?
tags: | added: l3-ipam-dhcp |
Changed in neutron: | |
importance: | Undecided → Wishlist |
status: | New → Triaged |
Changed in neutron: | |
assignee: | nobody → Jaume Devesa (devvesa) |
To post a comment you must log in.
Once you have associated a floatingip to a VM port, you see the following as an admin user:
neutron router-port-list ff4007c0- 06c6-4623- 8eda-6b460016e4 d2 -c id -c fixed_ips ------- ------- ------- ------- ----+-- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- + ------- ------- ------- ------- ----+-- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- + 39c2-4126- af8f-8a5e1ac5e4 d8 | {"subnet_id": "e8805f8c- eb5f-4b6d- 9592-c0287bfe42 eb", "ip_address": "192.168.0.225"} | c031-4222- a76f-cfac3f6f21 43 | {"subnet_id": "571b1eb2- f3aa-4e7e- 9bfe-25d6c275ca 10", "ip_address": "10.0.0.1"} | ------- ------- ------- ------- ----+-- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- +
+------
| id | fixed_ips |
+------
| 31312ea2-
| cc0547f9-
+------
and the following as a 'standard' user:
+------ ------- ------- ------- ------- ----+-- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- --+ ------- ------- ------- ------- ----+-- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- --+ c031-4222- a76f-cfac3f6f21 43 | {"subnet_id": "571b1eb2- f3aa-4e7e- 9bfe-25d6c275ca 10", "ip_address": "10.0.0.1"} | ------- ------- ------- ------- ----+-- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- --+
| id | fixed_ips |
+------
| cc0547f9-
+------
So you mean to return the first response even if you are a standard user? Just to clarify