New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Filter openstack floating IPs by tenant ID #1809

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
5 participants
@omgjlk

omgjlk commented Sep 5, 2015

If the user in question happens to be an admin user, they may see
floating IPs that are from other tenants. Attempts to use such IPs will
result in an error, as the tenant of the IP doesn't match the tenant of
the instance. Filtering by ID limits the returned IPs to those that are
valid for the tenant.

Unfortunately the filtering has to be done by tenant ID, not name, so we
need to interact with the identity end point to map the tenant name to
ID if only the name was provided. Currently this only supports the v2
identity endpoint.

Signed-off-by: Jesse Keating jkeating@j2solutions.net

Filter openstack floating IPs by tenant ID
If the user in question happens to be an admin user, they may see
floating IPs that are from other tenants. Attempts to use such IPs will
result in an error, as the tenant of the IP doesn't match the tenant of
the instance. Filtering by ID limits the returned IPs to those that are
valid for the tenant.

Unfortunately the filtering has to be done by tenant ID, not name, so we
need to interact with the identity end point to map the tenant name to
ID if only the name was provided. Currently this only supports the v2
identity endpoint.

Signed-off-by: Jesse Keating <jkeating@j2solutions.net>
@ehazlett

This comment has been minimized.

Show comment
Hide comment
@ehazlett
Member

ehazlett commented Sep 5, 2015

@@ -516,6 +517,27 @@ func (d *Driver) resolveIds() error {
}).Debug("Found floating IP pool id using its name")
}
if d.TenantName != "" {

This comment has been minimized.

@ggiamarchi

ggiamarchi Oct 9, 2015

Contributor

If think it would be better to check if d.TenantId == "" rather than if d.TenantName != "" because it's common to have an OpenStack rc file containing both the tenant id and the tenant name. In such a situation it would be a pity to compute the id from the name.

@ggiamarchi

ggiamarchi Oct 9, 2015

Contributor

If think it would be better to check if d.TenantId == "" rather than if d.TenantName != "" because it's common to have an OpenStack rc file containing both the tenant id and the tenant name. In such a situation it would be a pity to compute the id from the name.

@dmp42

This comment has been minimized.

Show comment
Hide comment
@dmp42

dmp42 Oct 9, 2015

Member

@j2sol can you address @ggiamarchi comments?
@ggiamarchi save your one comment, is this going in the right direction?

Thank you both!

Member

dmp42 commented Oct 9, 2015

@j2sol can you address @ggiamarchi comments?
@ggiamarchi save your one comment, is this going in the right direction?

Thank you both!

@omgjlk

This comment has been minimized.

Show comment
Hide comment
@omgjlk

omgjlk Oct 9, 2015

Yup, I'll address it.

omgjlk commented Oct 9, 2015

Yup, I'll address it.

@dgageot

This comment has been minimized.

Show comment
Hide comment
@dgageot

dgageot Dec 22, 2015

Collaborator

Merged with #2589

Collaborator

dgageot commented Dec 22, 2015

Merged with #2589

@dgageot dgageot closed this Dec 22, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment