[openstack-dev] [neutron] - port-create with network from a different tenant does not fail
Kevin Benton
blak111 at gmail.com
Tue Feb 10 22:33:34 UTC 2015
You can have ports from different tenants in a network. It's an admin-only
capability unless the network is marked as "shared".
On Tue, Feb 10, 2015 at 2:30 PM, Varun Lodaya <Varun_Lodaya at symantec.com>
wrote:
> Adding the right subject line.
>
> From: Varun Lodaya <Varun_Lodaya at symantec.com>
> Date: Tuesday, February 10, 2015 at 2:26 PM
> To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev at lists.openstack.org>
> Subject: port-create with network from a different tenant does not fail
>
> Hi,
>
> We were seeing this issue where if the user role is admin in 2 tenants A
> and B and he issues neutron port-create <network-id> in tenant A where
> <network-id> is in tenant B, it ends up creating that port. Ideally, it
> should have failed since you cannot have the port/network in different
> tenants.
>
> varunlodaya at ubuntu:~/devstack$ neutron port-show
> fc6917ea-0c0c-4ec5-9202-4441701c9984
>
> +-----------------------+----------------------------------------------------------------------------------+
> | Field | Value
> |
>
> +-----------------------+----------------------------------------------------------------------------------+
> | admin_state_up | True
> |
> | allowed_address_pairs |
> |
> | binding:host_id |
> |
> | binding:profile | {}
> |
> | binding:vif_details | {}
> |
> | binding:vif_type | unbound
> |
> | binding:vnic_type | normal
> |
> | device_id |
> |
> | device_owner |
> |
> | extra_dhcp_opts |
> |
> | fixed_ips | {"subnet_id":
> "8c9f5682-daf8-40e1-9b6a-57cfed7f024c", "ip_address": "10.1.1.13"} |
> | id | fc6917ea-0c0c-4ec5-9202-4441701c9984
> |
> | mac_address | fa:16:3e:18:6e:95
> |
> | name |
> |
> | network_id | 0036a345-35ea-42c8-a66c-f9831d0a03a5
> |
> | security_groups | 45786089-d53f-4eec-8be6-cb49766e55c1
> |
> | status | DOWN
> |
> | tenant_id | d0d1e6e21268418b8888b0adcea413a3
> |
>
> +-----------------------+----------------------------------------------------------------------------------+
> varunlodaya at ubuntu:~/devstack$ neutron net-show
> 0036a345-35ea-42c8-a66c-f9831d0a03a5
> +---------------------------+--------------------------------------+
> | Field | Value |
> +---------------------------+--------------------------------------+
> | admin_state_up | True |
> | id | 0036a345-35ea-42c8-a66c-f9831d0a03a5 |
> | name | alt_private |
> | provider:network_type | vxlan |
> | provider:physical_network | |
> | provider:segmentation_id | 1003 |
> | router:external | False |
> | shared | False |
> | status | ACTIVE |
> | subnets | 8c9f5682-daf8-40e1-9b6a-57cfed7f024c |
> | tenant_id | 099bfd6e59434b51a479ab7142ff01df |
> +---------------------------+--------------------------------------+
> varunlodaya at ubuntu:~/devstack$
>
>
> Is this an expected behavior or a known bug? Should I create a new one?
>
> Thanks,
> Varun
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
--
Kevin Benton
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150210/ff13fc30/attachment.html>
More information about the OpenStack-dev
mailing list