tenant lists the external network of other tenants
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron | Won't Fix | Medium | Salvatore Orlando | | |
Bug Description
$ quantum net-list
+------
| id | name | subnets |
+------
| 0b7805ac-
| d08a06e3-
+------
Note:
pubnet is a network of another tenant.
net2 is a shared network of another tenant.
gongysh@
+------
| Field | Value |
+------
| admin_state_up | True |
| id | 0b7805ac-
| name | pubnet |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | 193dc2ec-
| tenant_id | 3671f46ec35e4bb
+------
gongysh@
{"QuantumError": "Tenant b155cd8ffdc24c7
gongysh@
Created a new port:
+------
| Field | Value |
+------
| admin_state_up | True |
| device_id | |
| device_owner | |
| fixed_ips | |
| id | f10a2647-
| mac_address | fa:16:3e:64:c5:2b |
| name | |
| network_id | d08a06e3-
| status | DOWN |
| tenant_id | b155cd8ffdc24c7
+------
tags: | added: api |
I think this is a possibly undesired effect of the fact that external networks, just like shared networks, can be 'read' by all tenants.
The reason for this is that a tenant should be allowed to set a gateway for his own router on a network he does not own; also, he must be allowed to create floating IPs on a network he does not own.
The side effect is that Quantum does not provide a way to create an external network which is completely private too.
While this was acceptable for the Folsom model, it is limiting for the Grizzly model, and might end up being unacceptable in Havana.
So I think this bug report is valid, although its solution won't be very trivial.
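
The read rule described in the comment above, modelled as an added example (not part of the original bug report and not Quantum's own code): it assumes a network is readable by its owner, by everyone if `shared`, and by everyone if `router:external`, and reports which networks a tenant sees only because of the external flag. The network IDs, tenant names and the helper functions are constructed for illustration.

```python
# Constructed sample records using the field names from the net-show output
# on this page. IDs and tenant names are placeholders, not report values.
NETWORKS = [
    {"id": "net-a", "name": "pubnet", "tenant_id": "tenant-owner",
     "shared": False, "router:external": True},
    {"id": "net-b", "name": "net2", "tenant_id": "tenant-owner",
     "shared": True, "router:external": False},
    {"id": "net-c", "name": "private", "tenant_id": "tenant-owner",
     "shared": False, "router:external": False},
    {"id": "net-d", "name": "mine", "tenant_id": "tenant-viewer",
     "shared": False, "router:external": False},
]


def read_reason(net, tenant_id):
    """Return why tenant_id can read net under the assumed rule
    (owner, shared, or external), or None if it cannot."""
    if net["tenant_id"] == tenant_id:
        return "owner"
    if net.get("shared"):
        return "shared"
    if net.get("router:external"):
        return "external"
    return None


def visible_networks(networks, tenant_id):
    """Names of the networks a list call would return under this model."""
    return [n["name"] for n in networks if read_reason(n, tenant_id)]


def external_only_exposures(networks, tenant_id):
    """Other tenants' networks readable solely because they are external
    (shared is False): the case this bug report describes."""
    return [n["name"] for n in networks
            if read_reason(n, tenant_id) == "external"]


if __name__ == "__main__":
    viewer = "tenant-viewer"
    for net in NETWORKS:
        reason = read_reason(net, viewer)
        print(f"{net['name']:8} {'visible (' + reason + ')' if reason else 'hidden'}")
    print("external-only exposures:", external_only_exposures(NETWORKS, viewer))
```

Run against a real network listing exported by an administrator, the same check shows which external networks every tenant can enumerate even though they are not marked shared.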