]> review.fuel-infra Code Review - openstack-build/neutron-build.git/commit
Code Review / openstack-build / neutron-build.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 76d873a) | patch
Block allowed address pairs on other tenants' net
authorKevin Benton <blak111@gmail.com>
Tue, 21 Apr 2015 09:01:39 +0000 (02:01 -0700)
committerKevin Benton <blak111@gmail.com>
Tue, 21 Apr 2015 18:28:59 +0000 (11:28 -0700)
commit927399c011409b7d152b7670b896f15eee7d0db3
treee6decd6d98e33056243d470bbded0772d8ca941ftree | snapshot
parent76d873a452e340944e2e3242e8bb1722e3c036e8commit | diff
Block allowed address pairs on other tenants' net

Don't allow tenants to use the allowed address pairs extension
when they are attaching a port to a network that does not belong
to them.

This is done because allowed address pairs can allow things like
ARP spoofing and all tenants attached to a shared network might not
implicitly trust each other.

Change-Id: Ie6c3e8ad04103804e40f2b043202387385e62ca5
Closes-Bug: #1447242
etc/policy.json diff | blob | history
neutron/tests/api/admin/test_shared_network_extension.py diff | blob | history
neutron/tests/etc/policy.json diff | blob | history