Validate user access to vip_subnet_id when creating a LB
A user was able to create a LB using a vip_subnet_id from another user (by passing the UUID). Now, the vip_subnet_id parameter is validated using the user context, so an error is returned if the subnet doesn't belong to the user.

I479019a911b5a1acfc1951d1cbbc2a351089cb4d was a previous attempt to fix that bug but the vip_subnet_id check was missing.

Story: 2008586
Task: 41741
Depends-On: https://review.opendev.org/774157
Change-Id: I602418264e171a2b1a926eff0b1f9e6dc186295a
parent 6c54eab5b5
commit 8d86187c0a
@ -264,7 +264,7 @@ class LoadBalancersController(base.BaseController):
|
|||||||
# Validate just the subnet id
|
# Validate just the subnet id
|
||||||
elif load_balancer.vip_subnet_id:
|
elif load_balancer.vip_subnet_id:
|
||||||
subnet = validate.subnet_exists(
|
subnet = validate.subnet_exists(
|
||||||
subnet_id=load_balancer.vip_subnet_id)
|
subnet_id=load_balancer.vip_subnet_id, context=context)
|
||||||
load_balancer.vip_network_id = subnet.network_id
|
load_balancer.vip_network_id = subnet.network_id
|
||||||
if load_balancer.vip_qos_policy_id:
|
if load_balancer.vip_qos_policy_id:
|
||||||
validate.qos_policy_exists(
|
validate.qos_policy_exists(
|
||||||
|
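Review bot: the `validate.qos_policy_exists(` call at the end of this hunk is cut off, so it is not visible whether it receives `context=context` like the `validate.subnet_exists(` call above it. The commit message says an earlier attempt missed exactly one such call, so please confirm that every existence check in this method that takes a caller-supplied UUID is done with the request context. Please also add an API test that creates a load balancer with a `vip_subnet_id` owned by another project and asserts the error response; no test appears in the diff as shown.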
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Fix a bug that allowed a user to create a load balancer on a
|
||||||
|
``vip_subnet_id`` that belongs to another user using the subnet UUID.
|
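Review bot: the note is filed under `fixes:` only. Because the bug let one user place a load balancer on another user's subnet, it also deserves an entry in reno's `security:` section so operators scanning release notes for access-control fixes see it. It would also help to state the new behaviour: the request is now rejected with an error when the subnet does not belong to the caller.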