af2f823107
Previously, one could update a port's device_id in neutron to be that of another tenant's instance_id and then be able to retrieve that instance's metadata. This patch prevents this from occurring by checking that X-Tenant-ID received from the metadata request matches the tenant_id in the nova database. DocImpact - This patch is dependent on another patch in neutron which adds X-Tenant-ID to the request. Therefore to minimize downtime one should upgrade Neutron first (then restart neutron-metadata-agent) and lastly update nova. Change-Id: I93bf662797c3986324ca2099b403833c2e990fb4 Closes-Bug: #1235450 |
||
---|---|---|
.. | ||
ec2 | ||
metadata | ||
openstack | ||
__init__.py | ||
auth.py | ||
manager.py | ||
sizelimit.py | ||
validator.py |