neutron

There is no verification for tenant-id

Bug #1480859 reported by yalei wang
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
neutron
Expired
Undecided
Unassigned

Bug Description

tenant-id should be UUID type, but there is no verification in arg parsing.

we can specify arbitrarily tenant id,
$ neutron security-group-create bbb --tenant-id=123
Created a new security_group:
+----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| description | |
| id | 7a4c71cf-0df3-4c77-a89a-a2078f576a7f |
| name | bbb |
| security_group_rules | {"remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "tenant_id": "123", "port_range_max": null, "security_group_id": "7a4c71cf-0df3-4c77-a89a-a2078f576a7f", "port_range_min": null, "ethertype": "IPv4", "id": "a08af0f3-bd1a-4103-828a-70e13adb6137"} |
| | {"remote_group_id": null, "direction": "egress", "remote_ip_prefix": null, "protocol": null, "tenant_id": "123", "port_range_max": null, "security_group_id": "7a4c71cf-0df3-4c77-a89a-a2078f576a7f", "port_range_min": null, "ethertype": "IPv6", "id": "60c94545-c2fb-4045-9b4d-abdebec9a2e9"} |
| tenant_id | 123 |
+----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

yalei wang (yalei-wang)
Changed in python-neutronclient:
assignee: nobody → yalei wang (yalei-wang)
yalei wang (yalei-wang)
affects: python-neutronclient → neutron
Revision history for this message
Akihiro Motoki (amotoki) wrote :

UUID for tenant_id is true when keystone is used as an identify back-end.
I think keystone is the back-end most deployments adopt, but I am not sure
we should enforce UUID validation to tenant_id field in the Neutron API level.
Even if we enforce it, it should be configurable.

Revision history for this message
yalei wang (yalei-wang) wrote :

Thanks amotoki,

there is validation in l3 extension code, like

https://github.com/openstack/neutron/blob/master/neutron/extensions/l3.py#L99

could we add a similar line for the securitygoup ?

https://github.com/openstack/neutron/blob/master/neutron/extensions/securitygroup.py#L218

Revision history for this message
yong sheng gong (gongysh) wrote :

It seems they should be consistent at least.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by yalei wang (<email address hidden>) on branch: master
Review: https://review.openstack.org/208877

Revision history for this message
Armando Migliaccio (armando-migliaccio) wrote :

This bug is > 172 days without activity. We are unsetting assignee and milestone and setting status to Incomplete in order to allow its expiry in 60 days.

If the bug is still valid, then update the bug status.

Changed in neutron:
assignee: yalei wang (yalei-wang) → nobody
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for neutron because there has been no activity for 60 days.]

Changed in neutron:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.