Comment 10 for bug 1243327

Akihiro Motoki (amotoki) wrote : Re: Routers can be cross plugged by other tenants

Hi Aaron,

Ah.. Good catch. I agree that we need to use another approach. I am not sure there is a case where multiple tenants connect to one router too.

Your alternative approach to not allow create/update_port to be called with device_owner router_interface sounds reasonable.
In general, the device_id and device_owner attributes of ports created by Neutron internally should not be specified by a regular user. I think it is no problem if an admin user specifies device_owner router_interface.

An approach in my mind is a bit different from your original one. It is to not allow create/update_port with device_owner router_interface **for normal users.** In this approach we can use an elevated context for create_port from router-interface-add, and an additional parameter is unnecessary.

Thoughts?
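
The approach proposed in this comment, sketched as an added example (it is not part of the original comment and is not Neutron's code). `Context`, `Plugin`, the in-memory `routers`/`ports` dicts and the router ownership check are assumptions made for illustration; `network:router_interface` is the device_owner value Neutron uses for router interface ports.

```python
from dataclasses import dataclass, replace

ROUTER_INTF = "network:router_interface"

class NotAuthorized(Exception):
    """A regular user tried to act on a Neutron-internal resource."""

@dataclass(frozen=True)
class Context:  # hypothetical stand-in for a request context
    tenant_id: str
    is_admin: bool = False

    def elevated(self):
        # Same tenant, admin rights: used only for internal calls.
        return replace(self, is_admin=True)

def check_device_owner(context, attrs):
    # Runs on create and update alike, so an existing port cannot be
    # relabelled as a router interface by a normal user either.
    if attrs.get("device_owner") == ROUTER_INTF and not context.is_admin:
        raise NotAuthorized("device_owner %s is reserved" % ROUTER_INTF)

class Plugin:  # hypothetical in-memory model, not the Neutron plugin
    def __init__(self):
        self.routers = {}  # router_id -> owning tenant_id
        self.ports = {}    # port_id -> port attributes

    def create_port(self, context, port_id, attrs):
        check_device_owner(context, attrs)
        self.ports[port_id] = dict(attrs, tenant_id=context.tenant_id)
        return self.ports[port_id]

    def update_port(self, context, port_id, changes):
        check_device_owner(context, changes)
        self.ports[port_id].update(changes)
        return self.ports[port_id]

    def add_router_interface(self, context, router_id, port_id):
        # Assumed ownership check: the caller must own the router.
        owner = self.routers[router_id]
        if not context.is_admin and owner != context.tenant_id:
            raise NotAuthorized("router belongs to another tenant")
        attrs = {"device_id": router_id, "device_owner": ROUTER_INTF}
        # Internal call with an elevated context; no extra parameter
        # on create_port is needed to mark it as trusted.
        return self.create_port(context.elevated(), port_id, attrs)
```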