the problem is that the user can change 'device-id', how about disabling to update the device-id once upon the device-id is assigned value?
with the solution:
In order to fix this issue I believe we need to also pass the tenant-id in the metadata request to nova. When nova receives the request it will now have to query it's database using the instance_id and check that the tenant_id's match. Using the tenant_id solves this issue as the user is not allowed to specify or update this field.
one user can still steal all the instance's metadata belong to the same tenant.
the problem is that the user can change 'device-id', how about disabling to update the device-id once upon the device-id is assigned value?
with the solution:
In order to fix this issue I believe we need to also pass the tenant-id in the metadata request to nova. When nova receives the request it will now have to query it's database using the instance_id and check that the tenant_id's match. Using the tenant_id solves this issue as the user is not allowed to specify or update this field.
one user can still steal all the instance's metadata belong to the same tenant.