[Yahoo-eng-team] [Bug 1338885] Re: fwaas: admin should not be able to create firewall rule for non existing tenant
[Expired for neutron because there has been no activity for 60 days.] ** Changed in: neutron Status: Incomplete => Expired -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1338885 Title: fwaas: admin should not be able to create firewall rule for non existing tenant Status in neutron: Expired Bug description: Admin should not be able to create resources for non existing tenant. Steps to Reproduce: Actual Results: root@IGA-OSC:~# neutron firewall-rule-create --protocol tcp --action deny --tenant-id bf4fbb928d574829855ebfd9e5d0e -->(non existing tenant-id. changed the last few characters) Created a new firewall_rule: ++--+ | Field | Value| ++--+ | action | deny | | description| | | destination_ip_address | | | destination_port | | | enabled| True | | firewall_policy_id | | | id | 7264e5a6-5752-4518-b26b-7c7395173747 | | ip_version | 4| | name | | | position | | | protocol | tcp | | shared | False| | source_ip_address | | | source_port| | | tenant_id | bf4fbb928d574829855ebfd9e5d0e| ++--+ root@IGA-OSC:~# ktl +--+-+-+ |id| name | enabled | +--+-+-+ | 0ad385e00e97476e9456945c079a21ea | admin | True | | 43af7b7c0dbc40bd90d03cc08df201ce | service | True | | d9481c57a11c46eea62886938b5378a7 | tenant1 | True | | bf4fbb928d574829855ebfd9e5d0e58c | tenant2 | True | +--+-+-+ == To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1338885/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1338885] Re: fwaas: admin should not be able to create firewall rule for non existing tenant
** Changed in: neutron Assignee: Mithil Arun (arun-mithil) => (unassigned) ** Changed in: neutron Status: Opinion => Incomplete -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1338885 Title: fwaas: admin should not be able to create firewall rule for non existing tenant Status in neutron: Incomplete Bug description: Admin should not be able to create resources for non existing tenant. Steps to Reproduce: Actual Results: root@IGA-OSC:~# neutron firewall-rule-create --protocol tcp --action deny --tenant-id bf4fbb928d574829855ebfd9e5d0e -->(non existing tenant-id. changed the last few characters) Created a new firewall_rule: ++--+ | Field | Value| ++--+ | action | deny | | description| | | destination_ip_address | | | destination_port | | | enabled| True | | firewall_policy_id | | | id | 7264e5a6-5752-4518-b26b-7c7395173747 | | ip_version | 4| | name | | | position | | | protocol | tcp | | shared | False| | source_ip_address | | | source_port| | | tenant_id | bf4fbb928d574829855ebfd9e5d0e| ++--+ root@IGA-OSC:~# ktl +--+-+-+ |id| name | enabled | +--+-+-+ | 0ad385e00e97476e9456945c079a21ea | admin | True | | 43af7b7c0dbc40bd90d03cc08df201ce | service | True | | d9481c57a11c46eea62886938b5378a7 | tenant1 | True | | bf4fbb928d574829855ebfd9e5d0e58c | tenant2 | True | +--+-+-+ == To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1338885/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1338885] Re: fwaas: admin should not be able to create firewall rule for non existing tenant
I doubt this fits neutron, at least for now. Neutron is not tenant-aware in the sense that it doesn't verify tenants against keystone. And I don't think that's what we could do to fix this issue. ** Changed in: neutron Status: Confirmed = Opinion -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1338885 Title: fwaas: admin should not be able to create firewall rule for non existing tenant Status in OpenStack Neutron (virtual network service): Opinion Bug description: Admin should not be able to create resources for non existing tenant. Steps to Reproduce: Actual Results: root@IGA-OSC:~# neutron firewall-rule-create --protocol tcp --action deny --tenant-id bf4fbb928d574829855ebfd9e5d0e --(non existing tenant-id. changed the last few characters) Created a new firewall_rule: ++--+ | Field | Value| ++--+ | action | deny | | description| | | destination_ip_address | | | destination_port | | | enabled| True | | firewall_policy_id | | | id | 7264e5a6-5752-4518-b26b-7c7395173747 | | ip_version | 4| | name | | | position | | | protocol | tcp | | shared | False| | source_ip_address | | | source_port| | | tenant_id | bf4fbb928d574829855ebfd9e5d0e| ++--+ root@IGA-OSC:~# ktl +--+-+-+ |id| name | enabled | +--+-+-+ | 0ad385e00e97476e9456945c079a21ea | admin | True | | 43af7b7c0dbc40bd90d03cc08df201ce | service | True | | d9481c57a11c46eea62886938b5378a7 | tenant1 | True | | bf4fbb928d574829855ebfd9e5d0e58c | tenant2 | True | +--+-+-+ == To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1338885/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp