Port's device_owner field should not be editable
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Invalid | Medium | Vishal Agarwal | |
Bug Description
According to 'delete_router' code, a router can not be deleted if there is a user port attached to it with device_
port_count = self._core_
if port_count:
raise l3.RouterInUse(
And this is what happens when you try to delete a router with the admin user:
vagrant@
Router 83d2c3d7-
However, if you switch user and edit the device_owner of the port attached to the router:
vagrant@
vagrant@
+--
| id | fixed_ips | device_owner |
+--
| 4f82e9a3-
vagrant@
Updated port: 4f82e9a3-
The condition that avoids the router deletion does not exist anymore. Hence, you can switch back to admin user and delete the router:
vagrant@
vagrant@
Deleted router: 83d2c3d7-
From the point of view of the raw user, the port still exists, and with the same device_id:
vagrant@
vagrant@
+--
| id | fixed_ips | device_owner | device_id |
+--
| 4f82e9a3-
+--
I would suggest:
* Don't allow editing the device_owner field
* Modify the first chunk of code to count ports based on device id instead of device_owner
or both...
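An added example, not part of the original report and not Neutron's code: a simplified in-memory model of the router in-use check, comparing a count that depends on device_owner with the report's second suggestion of counting by device_id. The router and port ids are constructed, and the owner string and all function names are assumptions.

```python
from dataclasses import dataclass

ROUTER_INTF = "network:router_interface"  # assumed owner label for router ports


class RouterInUse(Exception):
    """Raised when a router still has ports attached."""


@dataclass
class Port:
    id: str
    device_id: str      # id of the router the port is attached to
    device_owner: str   # label the port's tenant is allowed to edit


def count_by_owner(ports, router_id):
    """Model of a check that only counts ports carrying the router owner label."""
    return sum(p.device_id == router_id and p.device_owner == ROUTER_INTF
               for p in ports)


def count_by_device_id(ports, router_id):
    """Second suggestion in the report: count every port pointing at the router."""
    return sum(p.device_id == router_id for p in ports)


def delete_router(routers, ports, router_id, count_ports):
    """Refuse deletion while count_ports() still sees attached ports."""
    if count_ports(ports, router_id):
        raise RouterInUse(router_id)
    routers.discard(router_id)


def try_delete(count_ports):
    """Replay the report's sequence; return (router_deleted, orphaned_port_ids)."""
    routers = {"router-1"}                           # constructed ids
    ports = [Port("port-1", "router-1", ROUTER_INTF)]
    ports[0].device_owner = "anything"               # tenant edits the label
    try:
        delete_router(routers, ports, "router-1", count_ports)
    except RouterInUse:
        pass
    orphans = [p.id for p in ports if p.device_id not in routers]
    return "router-1" not in routers, orphans
```

With the owner-dependent count the router is deleted and the port is left pointing at a router that no longer exists; with the device_id count the deletion is still refused after the label is edited.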
description: updated
Changed in neutron:
assignee: nobody → Vishal Agarwal (vishala)
device_owner should be editable, it is important for us to implement 'attach interface to vm' in nova.