There is no verification for tenant-id
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Expired
|
Undecided
|
Unassigned |
Bug Description
tenant-id should be UUID type, but there is no verification in arg parsing.
we can specify arbitrarily tenant id,
$ neutron security-
Created a new security_group:
+------
| Field | Value |
+------
| description | |
| id | 7a4c71cf-
| name | bbb |
| security_
| | {"remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "tenant_id": "123", "port_range_max": null, "security_
| tenant_id | 123 |
+------
Changed in python-neutronclient: | |
assignee: | nobody → yalei wang (yalei-wang) |
affects: | python-neutronclient → neutron |
UUID for tenant_id is true when keystone is used as an identify back-end.
I think keystone is the back-end most deployments adopt, but I am not sure
we should enforce UUID validation to tenant_id field in the Neutron API level.
Even if we enforce it, it should be configurable.