neutron

Quota does not check invalid tenant_id

Bug #1771781 reported by Yang Youseok on 2018-05-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	New	Undecided	Unassigned

Bug Description

Currently, neutron quota API accept invalid tenant_id value without validation. Even user can add arbitrary quota entry which is not existed because by default quota engine create new entry if the queried entry is not found.

This bug is also found across the other openstack projects (nova, trove ..) using similar quota logic, and nova side there was commit to fix it (https://review.openstack.org/#/c/435010/). I found neutron did not have any similar approach, so It worth to talk about the solution. (which access to keystone API in the middle of quota API).

Revision history for this message

Deepak Mourya (mourya007) wrote on 2018-05-23:

hi, yes i can reproduce the bug with

1. using wrong tenant-id

2. Wrong format of tenant-id
neutron quota-show --tenant-id 4659a57c3e084a6c9a22447#####

Deepak Mourya (mourya007) on 2018-05-24

Changed in neutron:
assignee:	nobody → Deepak Mourya (mourya007)

Revision history for this message

Liu Xie (liushy) wrote on 2018-05-25:

yeah,i think these problems should be paid attention to.
1.tenant_id of port whether same as the associated network's
2. tenant_id of listener with the associated loadbalancer's
and so on...

Revision history for this message

Deepak Mourya (mourya007) wrote on 2018-05-31:

yes so what should be the good approach to handle this, Like in nova they are verify the same using keystone[1]

[1] https://review.openstack.org/#/c/435010/13/nova/api/openstack/identity.py