From what I can tell, neutron ports do not have the concept of an "owner" that is a user. They have "device_owner", which seems to be more for things like assigning to a router.

The reason I bring this up is because there seems to be no way to restrict the update/delete of a port to only the owner of the nova server it's attached to. You can set the policy file to enforce tenant_id, but that would still allow any user in a tenant to delete any OTHER user's neutron port in that same tenant.

This actually seems like a security problem to me. But given it deals with a core neutron object, maybe the best way to approach it is with a blueprint in Liberty rather than a bug...

Thoughts?


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
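The gap described in the post, modelled as an added example that is not neutron's or oslo.policy's own code: a tenant-only rule like the default `tenant_id:%(tenant_id)s` lets any user in the tenant act on the port, while a hypothetical stricter check resolves the port's `device_id` to the nova server and compares its `user_id`. The records, user contexts and the server lookup are constructed for this illustration.

```python
# Constructed sample data: two users in one tenant, and a port bound
# (via device_id) to a server that user "alice" booted.
TENANT = "tenant-1"
SERVERS = {"srv-a": {"tenant_id": TENANT, "user_id": "alice"}}
PORT = {"id": "port-1", "tenant_id": TENANT,
        "device_owner": "compute:nova", "device_id": "srv-a"}


def tenant_rule_allows(context, target):
    """Model of the policy rule 'tenant_id:%(tenant_id)s'.

    Only the tenant is compared; the port record carries no user id,
    so every user in the same tenant passes this check.
    """
    return context["tenant_id"] == target["tenant_id"]


def server_owner_rule_allows(context, target, servers=SERVERS):
    """Hypothetical stricter check (not something neutron ships).

    On top of the tenant match, require the caller to be the user who
    owns the nova server the port is attached to. Ports not bound to a
    compute instance fall back to the tenant-only rule.
    """
    if not tenant_rule_allows(context, target):
        return False
    if not target.get("device_owner", "").startswith("compute:"):
        return True
    server = servers.get(target.get("device_id"))
    if server is None:
        return False  # dangling device_id: deny rather than guess
    return server["user_id"] == context["user_id"]


def can_delete_port(context, port, strict=False):
    """Evaluate delete_port under the tenant-only or the stricter rule."""
    rule = server_owner_rule_allows if strict else tenant_rule_allows
    return rule(context, port)


alice = {"tenant_id": TENANT, "user_id": "alice"}
bob = {"tenant_id": TENANT, "user_id": "bob"}        # same tenant, other user
outsider = {"tenant_id": "tenant-2", "user_id": "carol"}

if __name__ == "__main__":
    for ctx in (alice, bob, outsider):
        print(ctx["user_id"], "tenant rule:", can_delete_port(ctx, PORT),
              "strict:", can_delete_port(ctx, PORT, strict=True))
```

Running it shows "bob" allowed under the tenant rule but refused under the stricter one, which is exactly the distinction the post asks neutron to be able to express.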
