Comment 20 for bug 1243327

Akihiro Motoki (amotoki) wrote : Re: Routers can be cross plugged by other tenants

Thanks Aaron for the updated patch.

-1 from me.

Checking device_owner works as expected, but we need to check device_id too. I tested the following scenario and succeeded in adding a router interface to the admin router with the demo tenant. In this scenario a regular tenant (demo) first adds a router interface to its router and then changes the device_id of the router interface to a router of another tenant (admin).

I think we need to check if a tenant can access the router with the specified device_id (= router_id) if the (new) device_owner is network:router_interface, unless the tenant is admin.

-----
[admin tenant]
neutron net-create admin-net1
neutron subnet-create --name admin-subnet1 admin-net1 10.2.2.0/24
neutron router-create admin-router
# make sure to schedule router to l3-agent
neutron router-interface-add admin-router admin-subnet1

[demo tenant]
neutron net-create net1
neutron subnet-create --name subnet1 net1 10.1.1.0/24
neutron router-interface-add router1 subnet1

# Change device_id of the above router interface to admin_router
neutron port-update <port-id of router1 interface> --device_id <admin-router ID>

After restarting l3-agent, I saw an interface corresponding to the router interface from demo tenant in admin-router namespace.

[restart