review.fuel-infra Code Review - openstack-build/neutron-build.git/commit
Block allowed address pairs on other tenants' net
author Kevin Benton <blak111@gmail.com>
Tue, 21 Apr 2015 09:01:39 +0000 (02:01 -0700)
committer Kevin Benton <kevinbenton@buttewifi.com>
Thu, 7 May 2015 21:38:11 +0000 (21:38 +0000)
commit 4c9a4bf337b27a8cc85dd97ab403f348b6efeb88
tree 5cde3821746e64e2d2e21ff0098a661419dedb1e
parent 696239b39282e99f07378cad1bd63d6021cde492
Block allowed address pairs on other tenants' net

Don't allow tenants to use the allowed address pairs extension
when they are attaching a port to a network that does not belong
to them.

This is done because allowed address pairs can allow things like
ARP spoofing and all tenants attached to a shared network might not
implicitly trust each other.

Change-Id: Ie6c3e8ad04103804e40f2b043202387385e62ca5
Closes-Bug: #1447242
(cherry picked from commit 927399c011409b7d152b7670b896f15eee7d0db3)
etc/policy.json
neutron/tests/api/admin/test_shared_network_extension.py
neutron/tests/etc/policy.json
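
An audit for ports that predate this restriction, as an added example that is not part of the commit or of Neutron: it lists ports that set allowed address pairs on a network owned by a different tenant, and notes which other ports' fixed IPs each pair covers. The function name, the `_port` helper and all sample records are constructed for illustration; only the field names follow the Neutron port and network resources.

```python
import ipaddress

# Constructed sample data shaped like Neutron network and port records.
NETWORKS = [
    {"id": "net-shared", "tenant_id": "tenant-a", "shared": True},
    {"id": "net-b", "tenant_id": "tenant-b", "shared": False},
]

def _port(pid, tenant, net, ip, pairs=()):
    # Hypothetical helper that builds a minimal port record.
    return {"id": pid, "tenant_id": tenant, "network_id": net,
            "fixed_ips": [{"ip_address": ip}],
            "allowed_address_pairs": [{"ip_address": p} for p in pairs]}

PORTS = [
    _port("port-a1", "tenant-a", "net-shared", "10.0.0.5"),
    _port("port-a2", "tenant-a", "net-shared", "10.0.0.6", ["10.0.0.100"]),
    _port("port-b1", "tenant-b", "net-shared", "10.0.0.20", ["10.0.0.5"]),
    _port("port-b2", "tenant-b", "net-b", "192.168.1.4", ["192.168.1.0/24"]),
    _port("port-c1", "tenant-c", "net-shared", "10.0.0.30", ["10.0.0.0/28"]),
]

def audit_allowed_address_pairs(networks, ports):
    """Flag ports with allowed_address_pairs on a network their tenant does not own."""
    owner = {n["id"]: n["tenant_id"] for n in networks}
    findings = []
    for port in ports:
        pairs = port.get("allowed_address_pairs") or []
        net_owner = owner.get(port["network_id"])
        if not pairs or net_owner is None or port["tenant_id"] == net_owner:
            continue  # no pairs, unknown network, or the network owner's own port
        for pair in pairs:
            # A pair's ip_address may be a single address or a CIDR.
            claimed = ipaddress.ip_network(pair["ip_address"], strict=False)
            overlaps = sorted(
                other["id"] for other in ports
                if other["id"] != port["id"]
                and other["network_id"] == port["network_id"]
                and any(ipaddress.ip_address(f["ip_address"]) in claimed
                        for f in other.get("fixed_ips", [])))
            findings.append({"port": port["id"], "tenant": port["tenant_id"],
                             "network": port["network_id"],
                             "claimed": str(claimed), "overlaps": overlaps})
    return findings

if __name__ == "__main__":
    for finding in audit_allowed_address_pairs(NETWORKS, PORTS):
        print(finding)
```

A non-empty `overlaps` list means the pair covers an address already assigned to another port on the same network, which is the case the commit message's ARP spoofing concern describes.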