af2f823107
Previously, one could update a port's device_id in neutron to be
that of another tenant's instance_id and then be able to retrieve
that instance's metadata. This patch prevents this from occurring by
checking that X-Tenant-ID received from the metadata request matches
the tenant_id in the nova database.
DocImpact - This patch is dependent on another patch in neutron
which adds X-Tenant-ID to the request. Therefore to
minimize downtime one should upgrade Neutron first (then
restart neutron-metadata-agent) and lastly update nova.
Change-Id: I93bf662797c3986324ca2099b403833c2e990fb4
Closes-Bug: #1235450
|
||
|---|---|---|
| .. | ||
| ec2 | ||
| metadata | ||
| openstack | ||
| __init__.py | ||
| auth.py | ||
| manager.py | ||
| sizelimit.py | ||
| validator.py | ||