Skip to content
This repository has been archived by the owner. It is now read-only.

Filter openstack floating IPs by tenant ID #1809

Closed
wants to merge 1 commit into from

Conversation

@omgjlk
Copy link

@omgjlk omgjlk commented Sep 5, 2015

If the user in question happens to be an admin user, they may see
floating IPs that are from other tenants. Attempts to use such IPs will
result in an error, as the tenant of the IP doesn't match the tenant of
the instance. Filtering by ID limits the returned IPs to those that are
valid for the tenant.

Unfortunately the filtering has to be done by tenant ID, not name, so we
need to interact with the identity end point to map the tenant name to
ID if only the name was provided. Currently this only supports the v2
identity endpoint.

Signed-off-by: Jesse Keating jkeating@j2solutions.net

If the user in question happens to be an admin user, they may see
floating IPs that are from other tenants. Attempts to use such IPs will
result in an error, as the tenant of the IP doesn't match the tenant of
the instance. Filtering by ID limits the returned IPs to those that are
valid for the tenant.

Unfortunately the filtering has to be done by tenant ID, not name, so we
need to interact with the identity end point to map the tenant name to
ID if only the name was provided. Currently this only supports the v2
identity endpoint.

Signed-off-by: Jesse Keating <jkeating@j2solutions.net>
@omgjlk omgjlk force-pushed the filter-openstack-floating branch from 176e1e6 to 3ad5dce Sep 5, 2015
@ehazlett
Copy link
Contributor

@ehazlett ehazlett commented Sep 5, 2015

@@ -516,6 +517,27 @@ func (d *Driver) resolveIds() error {
}).Debug("Found floating IP pool id using its name")
}

if d.TenantName != "" {
Copy link
Contributor

@ggiamarchi ggiamarchi Oct 9, 2015

If think it would be better to check if d.TenantId == "" rather than if d.TenantName != "" because it's common to have an OpenStack rc file containing both the tenant id and the tenant name. In such a situation it would be a pity to compute the id from the name.

@dmp42
Copy link
Contributor

@dmp42 dmp42 commented Oct 9, 2015

@j2sol can you address @ggiamarchi comments?
@ggiamarchi save your one comment, is this going in the right direction?

Thank you both!

@omgjlk
Copy link
Author

@omgjlk omgjlk commented Oct 9, 2015

Yup, I'll address it.

@dgageot
Copy link
Contributor

@dgageot dgageot commented Dec 22, 2015

Merged with #2589

@dgageot dgageot closed this Dec 22, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

5 participants