Hey Kevin, Thanks for the quick response. But any particular use-case where we would need port/network from different tenants unless it’s a shared network?
Thanks, Varun From: Kevin Benton <[email protected]<mailto:[email protected]>> Reply-To: "OpenStack Development Mailing List (not for usage questions)" <[email protected]<mailto:[email protected]>> Date: Tuesday, February 10, 2015 at 2:33 PM To: "OpenStack Development Mailing List (not for usage questions)" <[email protected]<mailto:[email protected]>> Subject: Re: [openstack-dev] [neutron] - port-create with network from a different tenant does not fail You can have ports from different tenants in a network. It's an admin-only capability unless the network is marked as "shared". On Tue, Feb 10, 2015 at 2:30 PM, Varun Lodaya <[email protected]<mailto:[email protected]>> wrote: Adding the right subject line. From: Varun Lodaya <[email protected]<mailto:[email protected]>> Date: Tuesday, February 10, 2015 at 2:26 PM To: "OpenStack Development Mailing List (not for usage questions)" <[email protected]<mailto:[email protected]>> Subject: port-create with network from a different tenant does not fail Hi, We were seeing this issue where if the user role is admin in 2 tenants A and B and he issues neutron port-create <network-id> in tenant A where <network-id> is in tenant B, it ends up creating that port. Ideally, it should have failed since you cannot have the port/network in different tenants. varunlodaya@ubuntu:~/devstack$ neutron port-show fc6917ea-0c0c-4ec5-9202-4441701c9984 +-----------------------+----------------------------------------------------------------------------------+ | Field | Value | +-----------------------+----------------------------------------------------------------------------------+ | admin_state_up | True | | allowed_address_pairs | | | binding:host_id | | | binding:profile | {} | | binding:vif_details | {} | | binding:vif_type | unbound | | binding:vnic_type | normal | | device_id | | | device_owner | | | extra_dhcp_opts | | | fixed_ips | {"subnet_id": "8c9f5682-daf8-40e1-9b6a-57cfed7f024c", "ip_address": "10.1.1.13"} | | id | fc6917ea-0c0c-4ec5-9202-4441701c9984 | | mac_address | fa:16:3e:18:6e:95 | | name | | | network_id | 0036a345-35ea-42c8-a66c-f9831d0a03a5 | | security_groups | 45786089-d53f-4eec-8be6-cb49766e55c1 | | status | DOWN | | tenant_id | d0d1e6e21268418b8888b0adcea413a3 | +-----------------------+----------------------------------------------------------------------------------+ varunlodaya@ubuntu:~/devstack$ neutron net-show 0036a345-35ea-42c8-a66c-f9831d0a03a5 +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | 0036a345-35ea-42c8-a66c-f9831d0a03a5 | | name | alt_private | | provider:network_type | vxlan | | provider:physical_network | | | provider:segmentation_id | 1003 | | router:external | False | | shared | False | | status | ACTIVE | | subnets | 8c9f5682-daf8-40e1-9b6a-57cfed7f024c | | tenant_id | 099bfd6e59434b51a479ab7142ff01df | +---------------------------+--------------------------------------+ varunlodaya@ubuntu:~/devstack$ Is this an expected behavior or a known bug? Should I create a new one? Thanks, Varun __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe<http://[email protected]?subject:unsubscribe> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Kevin Benton
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
