Neutron-LBaaS v2: Invalid tenant id accepted on "add member to pool"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
1. Create load balancer as an admin.
2. Create pool as an admin.
3. As an admin, add member to pool but using an invalid tenant id. (e.g., "$232!$pw" )
Result: API returns 201
Expected: API should return BadRequest 400
Log:
2016-04-19 00:51:53,500 3286 INFO [tempest.
2016-04-19 00:51:53,500 3286 DEBUG [tempest.
Body: {"member": {"tenant_id": "$232!$pw", "address": "10.0.0.8", "subnet_id": "c0239aee-
Response - Headers: {'content-type': 'application/json', 'date': 'Tue, 19 Apr 2016 00:51:53 GMT', 'x-openstack-
Body: {"member": {"name": "", "weight": 1, "admin_state_up": true, "subnet_id": "c0239aee-
This was discussed in a neutron meeting about six months ago, with the decision to not validate the tenant. I don't agree, but that was the decision.