tenantA can add other tenants' subnets to his router
I made an experiment on my machine, and the result is amazing.
1. I have a userrc file with contents below:
root@controller:~# vi /root/userrc
export OS_TENANT_
export OS_USERNAME=
export OS_PASSWORD=
export OS_AUTH_URL="http://
export SERVICE_ENDPOINT="http://
2. there are two tenants:
root@controller:~# keystone tenant-list
+------
| id | name | enabled |
+------
| 60e580365e80445
| 678d0215c86a40f
3. there is a router for tenant 'project_one' named 'router_proj_one':
root@controller:~# quantum router-show ccf5f323-
+------
| Field | Value |
+------
| admin_state_up | True |
| external_
| id | ccf5f323-
| name | router_proj_one |
| status | ACTIVE |
| tenant_id | 678d0215c86a40f
+------
4. there is a subnet for tenant 'demo':
root@controller:~# quantum subnet-show 136d5eab-
+------
| Field | Value |
+------
| allocation_pools | {"start": "10.0.1.2", "end": "10.0.1.254"} |
| cidr | 10.0.1.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.0.1.1 |
| host_routes | |
| id | 136d5eab-
| ip_version | 4 |
| name | |
| network_id | 074f6c64-
| tenant_id | 60e580365e80445
+------
5. tenant 'project_one' adds the subnet of tenant 'demo' to his router:
root@controller:~# source /root/userrc
root@controller:~# quantum router-
Added interface to router router_proj_one
Success! It means that anyone can add others' subnets to his router without the others' permission!
And I cannot find any verification of the subnet I want to add in the function 'add_router_
Is it a bug?
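The kind of subnet ownership check the question looks for, as an added example that is not neutron's code and not part of the original post. The function names, the `Context` type, the tenant and resource ids, and the policy itself (only the owning tenant or an admin context may attach a subnet) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

class NotAuthorized(Exception):
    """The caller does not own a resource named in the request."""

@dataclass(frozen=True)
class Context:
    tenant_id: str
    is_admin: bool = False   # an admin credential bypasses ownership checks

@dataclass
class Router:
    id: str
    tenant_id: str
    interfaces: list = field(default_factory=list)

@dataclass(frozen=True)
class Subnet:
    id: str
    tenant_id: str

def attach_unchecked(ctx, router, subnet):
    """Assumed model of the reported behaviour: only the router owner is checked."""
    if not ctx.is_admin and router.tenant_id != ctx.tenant_id:
        raise NotAuthorized(f"router {router.id} belongs to another tenant")
    router.interfaces.append(subnet.id)   # subnet.tenant_id is never examined
    return router.interfaces

def attach_checked(ctx, router, subnet):
    """Same operation, but every resource in the request must belong to the caller."""
    if not ctx.is_admin:
        for kind, res in (("router", router), ("subnet", subnet)):
            if res.tenant_id != ctx.tenant_id:
                raise NotAuthorized(f"{kind} {res.id} belongs to another tenant")
    router.interfaces.append(subnet.id)
    return router.interfaces

# Constructed sample data; the ids are placeholders, not the truncated ids above.
PROJECT_ONE = Context(tenant_id="tenant-project-one")
ADMIN = Context(tenant_id="tenant-admin", is_admin=True)
DEMO_SUBNET = Subnet(id="subnet-demo", tenant_id="tenant-demo")

def new_router():
    return Router(id="router_proj_one", tenant_id="tenant-project-one")

if __name__ == "__main__":
    print("unchecked:", attach_unchecked(PROJECT_ONE, new_router(), DEMO_SUBNET))
    try:
        attach_checked(PROJECT_ONE, new_router(), DEMO_SUBNET)
    except NotAuthorized as exc:
        print("checked:", exc)
```

Because an admin context passes both versions, a reproduction of this report should also record which roles the credentials in the rc file carry.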
Question information
- Language: English
- Status: Solved
- For: neutron
- Assignee: No assignee
- Solved by: yong sheng gong