[openstack-dev] [Neutron]Connecting a VM from one tenant to a non-shared network in another tenant

Salvatore Orlando sorlando at nicira.com
Wed Jul 31 14:41:33 UTC 2013


Hi Sam,

is what you're trying to do tantamount to creating a port on a network
whose tenant_id is different from the network's tenant_id?
We have at the moment a fairly strict ownership check - which does not
allow even admin users to do this operation.

I do not have a strong opinion against relaxing the check, and allowing
admin users to create ports on any network - I don't think this would
constitute a potential vulnerability, as in Neutron if someone manages to
impersonate an admin user, he/she can do much more damage.

Salvatore


On 31 July 2013 16:11, Samuel Bercovici <SamuelB at radware.com> wrote:

> Hi All,
>
> We are providing load balancing services via virtual machines running
> under an admin tenant that needs to be connected to VMs attached to a
> non-shared/private tenant network.
>
> The virtual machine fails to be provisioned connected to the private
> tenant network even if it is provisioned using the admin user which has
> admin role on both tenants.
>
> Please advise?
>
> Best Regards,
>
>                 -Sam.