96c669ff15
Previously, a tenant could plug an interface into another tenant's
router if he knew their router_id by creating a port with the correct
device_id and device_owner. This patch prevents this from occuring
by preventing non-admin users from creating ports with device_owner
network:router_interface with a device_id that matches another tenants router.
In addition, it prevents one from updating a ports device_owner and device_id
so that the device_id won't match another tenants router with device_owner
being network:router_interface.
NOTE: with this change it does open up the possiblity for a tenant to discover
router_id's of another tenant's by guessing them and updating a port till
a conflict occurs. That said, randomly guessing the router id would be hard
and in theory should not matter if exposed. We also need to allow a tenant
to update the device_id on network:router_interface ports as this would be
used for by anyone using a vm as a service router. This issue will be fixed in
another patch upstream as a db migration is required but since this needs
to be backported to all stable branches this is not possible.
NOTE: The only plugins affect by this are the ones that use the l3-agent.
NOTE: **One should perform and audit of the ports that are already
attached to routers after applying this patch and remove ports
that a tenant may have cross plugged.**
Change-Id: I8bc6241f537d937e5729072dcc76871bf407cdb3
Closes-bug: #1243327
|
||
|---|---|---|
| .. | ||
| __init__.py | ||
| config.py | ||
| constants.py | ||
| exceptions.py | ||
| ipv6_utils.py | ||
| legacy.py | ||
| log.py | ||
| rpc.py | ||
| test_lib.py | ||
| topics.py | ||
| utils.py | ||