Validate user access to vip_subnet_id when creating a LB

A user was able to create a LB using a vip_subnet_id from another user
(by passing the UUID).

Now, the vip_subnet_id parameter is validated using the user context,
so an error is returned if the subnet doesn't belong to the user.

I479019a911b5a1acfc1951d1cbbc2a351089cb4d was a previous attempt to fix
that bug but vip_subnet_id check was missing.

Story: 2008586
Task: 41741
Depends-On: https://review.opendev.org/774157
Change-Id: I602418264e171a2b1a926eff0b1f9e6dc186295a
(cherry picked from commit 8d86187c0a)
parent 3cdac6afc0
commit 7d1b81d78f
|
@ -264,7 +264,7 @@ class LoadBalancersController(base.BaseController):
|
|||
# Validate just the subnet id
|
||||
elif load_balancer.vip_subnet_id:
|
||||
subnet = validate.subnet_exists(
|
||||
subnet_id=load_balancer.vip_subnet_id)
|
||||
subnet_id=load_balancer.vip_subnet_id, context=context)
|
||||
load_balancer.vip_network_id = subnet.network_id
|
||||
if load_balancer.vip_qos_policy_id:
|
||||
validate.qos_policy_exists(
|
||||
|
|
|
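Review bot: The `validate.qos_policy_exists(` call in the trailing context of this hunk is cut off before its arguments, so it is not visible here whether that lookup is also scoped to the caller. Since the commit message says an earlier fix missed this subnet check, please confirm that every `validate.*` lookup in this create path receives `context=context`, and add a test in which a `vip_subnet_id` owned by another user is rejected with an error while the owner's own subnet is still accepted.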
@ -0,0 +1,5 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
Fix a bug that allowed a user to create a load balancer on a
|
||||
``vip_subnet_id`` that belongs to another user using the subnet UUID.
|
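Review bot: The release note files this only under `fixes:`, although the text describes one user creating a load balancer on a subnet that belongs to another user, which is an access-control issue. Consider adding the entry under a `security:` section as well so operators scanning release notes for security fixes see it, and say in the note that the request now returns an error when the subnet does not belong to the user, as the commit message does.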