Hi Aaron,
Ah.. Good catch. I agree that we need to use another approach. I am not sure there is a case where multiple tenants connect to one router too.
Your alternative approach to not allow create/update_port to be called with device_owner router_interface sounds reasonable.
In general, device_id and device_owner attributes of ports created by Neutron internally should not be specified by a regular user. I think it is no problem if an admin user specifies device_owner router_interface.
An approach in my mind is a bit different from your original one. It is to not allow create/update_port with device_owner router_interface **for normal users.** In this approach we can use an elevated context for create_port from router-interface-add, and an additional parameter is unnecessary.
Thoughts?
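The approach proposed in the message above, modelled as an added example that is not Neutron's code and not part of the original message: the port API rejects the reserved device_owner for non-admin callers, while router-interface-add creates its port through an elevated context. `Context`, `Plugin`, `PolicyNotAuthorized` and the constant's string value are assumptions made for this illustration.

```python
from dataclasses import dataclass, replace

# Assumed string value for the "router_interface" device_owner discussed above.
ROUTER_INTF = "network:router_interface"


class PolicyNotAuthorized(Exception):
    """Raised when a non-admin caller sets a reserved device_owner."""


@dataclass(frozen=True)
class Context:  # hypothetical stand-in for a request context
    tenant_id: str
    is_admin: bool = False

    def elevated(self):
        # Copy with admin rights; the caller's own context is left unchanged.
        return replace(self, is_admin=True)


class Plugin:  # hypothetical stand-in for the plugin's port and router API
    def __init__(self):
        self.ports = {}

    def _check_owner(self, context, attrs):
        # Only admin (or elevated internal) callers may set the reserved owner.
        if attrs.get("device_owner") == ROUTER_INTF and not context.is_admin:
            raise PolicyNotAuthorized("device_owner %s is reserved" % ROUTER_INTF)

    def create_port(self, context, port):
        self._check_owner(context, port)
        port_id = "port-%d" % (len(self.ports) + 1)
        self.ports[port_id] = dict(port, id=port_id, tenant_id=context.tenant_id)
        return self.ports[port_id]

    def update_port(self, context, port_id, changes):
        # Checked before any change is applied, so a rejected update is a no-op.
        self._check_owner(context, changes)
        self.ports[port_id].update(changes)
        return self.ports[port_id]

    def add_router_interface(self, context, router_id, network_id):
        # Internal call path: no extra parameter, just an elevated context.
        port = {"network_id": network_id, "device_id": router_id,
                "device_owner": ROUTER_INTF}
        return self.create_port(context.elevated(), port)
```
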