Reviewed: https://review.openstack.org/61435
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=af2f823107010933ecd94a9c938f8b739baaecb7
Submitter: Jenkins
Branch: stable/havana
commit af2f823107010933ecd94a9c938f8b739baaecb7
Author: Aaron Rosen <email address hidden>
Date: Mon Oct 7 13:33:31 2013 -0700
Prevent spoofing instance_id from neutron to nova
Previously, one could update a port's device_id in neutron to be
that of another tenant's instance_id and then be able to retrieve
that instance's metadata. This patch prevents this from occurring by
checking that X-Tenant-ID received from the metadata request matches
the tenant_id in the nova database.
DocImpact - This patch is dependent on another patch in neutron
which adds X-Tenant-ID to the request. Therefore to
minimize downtime one should upgrade Neutron first (then
restart neutron-metadata-agent) and lastly update nova.
Change-Id: I93bf662797c3986324ca2099b403833c2e990fb4
Closes-Bug: #1235450
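The check the commit describes, as an added illustration rather than nova's own code: a toy model of the metadata handler's instance lookup before and after the X-Tenant-ID comparison. The instance table, header names as dict keys and the two lookup functions are assumptions for the example; nova's additional signature check on X-Instance-ID is left out.

```python
# Added example, not code from the nova commit: models the metadata lookup
# before and after the tenant check, against a constructed instance table.

# Constructed stand-in for the nova instances table: uuid -> tenant_id, metadata.
INSTANCES = {
    "inst-a": {"tenant_id": "tenant-A", "metadata": {"hostname": "a"}},
    "inst-b": {"tenant_id": "tenant-B", "metadata": {"hostname": "b"}},
}


def lookup_before(headers):
    """Pre-fix behaviour: the instance is selected by X-Instance-ID alone.

    That header is derived from the neutron port's device_id, which the
    port owner controls, so it identifies a port but not who owns it.
    """
    inst = INSTANCES.get(headers.get("X-Instance-ID"))
    return None if inst is None else inst["metadata"]


def lookup_after(headers):
    """Post-fix behaviour: X-Tenant-ID, which neutron-metadata-agent sets
    from the port's own tenant, must equal the tenant_id nova stores for
    the instance; otherwise the request is treated as not found.
    """
    inst = INSTANCES.get(headers.get("X-Instance-ID"))
    if inst is None:
        return None
    if headers.get("X-Tenant-ID") != inst["tenant_id"]:
        # Mismatch: the port points at an instance of a different tenant.
        # Answer as if nothing exists; a real handler would also log this.
        return None
    return inst["metadata"]
```

A port whose device_id was repointed at another tenant's instance yields that instance's metadata from lookup_before and nothing from lookup_after.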