FIP attached to fixed-ip remains even when port is updated with other fixed-ips
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | In Progress | Medium | yanpuqing |
Bug Description
When we create a port on a network and attach a FIP to the port with, let's say, fixed-ip IP1.
Then we attach the FIP to the port. Now update the port with fixed-ips other than IP1: the port gets updated but the FIP is not, and the FIP is still attached to the port with fixed-ip IP1.
Neutron should block the update of the port if that FIP is already attached to the vport with fixed-ip.
Step-by-step reproduction steps:
neutron router-create router
neutron net-create private
neutron subnet-create private 10.0.0.0/24 --name private_subnet
neutron router-
neutron net-create public --router:
neutron subnet-create public 192.124.0.0/24 --name public_subnet --enable_dhcp=False --allocation-pool start=192.
neutron router-gateway-set router public
neutron port-create private --fixed-ip subnet_
neutron floatingip-create public --name fip
neutron floatingip-
neutron port-update port1 --fixed-ip subnet_
neutron floatingip-show fip1 -> will show the fip is associated with port with fixed-ip 10.0.0.10 which even doesn
Expected output:
I think we should fail at a point when we update a port with fixed-ips, if fixed-ip doesn't contain original fixed-ip and fip is attached to it.
Actual output: did the system silently fail (in this case log traces are useful)?
https:/
* Version:
** stable/ocata, stable/pike etc...
** Ubuntu16.04
** DevStack
Perceived severity: Medium
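The check the report asks for, plus an audit for associations that are already stale, as an added example (not Neutron's code and not the eventual fix). It assumes port and floating IP records shaped like Neutron API responses (`fixed_ips`, `port_id`, `fixed_ip_address`); `FixedIPInUse`, the function names and all sample addresses are constructed for illustration.

```python
# Added example; dicts mirror Neutron API port / floatingip fields.
class FixedIPInUse(Exception):
    """Hypothetical error type for this sketch, not a Neutron exception."""


def stale_floating_ips(ports, floating_ips):
    """Audit: FIPs whose fixed_ip_address is no longer on their port."""
    on_port = {p["id"]: {f["ip_address"] for f in p["fixed_ips"]} for p in ports}
    return [
        fip for fip in floating_ips
        if fip.get("port_id")  # skip unassociated floating IPs
        and fip["fixed_ip_address"] not in on_port.get(fip["port_id"], set())
    ]


def check_port_update(port_id, new_fixed_ips, floating_ips):
    """Pre-update guard: refuse to drop a fixed IP that a FIP still targets."""
    # Entries given only as subnet_id have no address yet, so they cannot
    # be counted as keeping an existing fixed IP.
    kept = {f["ip_address"] for f in new_fixed_ips if "ip_address" in f}
    for fip in floating_ips:
        if fip.get("port_id") == port_id and fip["fixed_ip_address"] not in kept:
            raise FixedIPInUse(
                "floating IP %s still maps to %s on port %s"
                % (fip["floating_ip_address"], fip["fixed_ip_address"], port_id)
            )


# Constructed sample data: state after the port-update step in the report.
SAMPLE_PORTS = [
    {"id": "port1", "fixed_ips": [{"subnet_id": "private_subnet", "ip_address": "10.0.0.20"}]},
    {"id": "port2", "fixed_ips": [{"subnet_id": "private_subnet", "ip_address": "10.0.0.30"}]},
]
SAMPLE_FIPS = [
    {"id": "fip1", "floating_ip_address": "192.124.0.5",
     "port_id": "port1", "fixed_ip_address": "10.0.0.10"},   # stale
    {"id": "fip2", "floating_ip_address": "192.124.0.6",
     "port_id": "port2", "fixed_ip_address": "10.0.0.30"},   # consistent
    {"id": "fip3", "floating_ip_address": "192.124.0.7",
     "port_id": None, "fixed_ip_address": None},             # unassociated
]

if __name__ == "__main__":
    for fip in stale_floating_ips(SAMPLE_PORTS, SAMPLE_FIPS):
        print("stale:", fip["id"], "->", fip["fixed_ip_address"])
```

The audit function can be run over the output of a port list and a floating IP list to find associations left behind on deployments that already hit this bug.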
Changed in neutron:
importance: Undecided → Medium
status: New → Confirmed
Changed in neutron:
assignee: nobody → yanpuqing (ycx)
information type: Public → Public Security
Changed in neutron:
status: Confirmed → In Progress
I've switched this report back to a normal bug. If you really do believe it to represent a potential security vulnerability, please comment with your rationale. Thanks.