Comment 4 for bug 855115

Thanks Chris - really appreciate your work on helping us with this.

Phil

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Chris Behrens
Sent: 21 September 2011 21:27
To: Day, Phil
Subject: [Bug 855115] Re: Unauthorized user can release floating_ips

Had to fight a little bit to get the test correct as the network code
has changed a ton. But, I got this merge propped for both diablo's
release branch and for trunk.

--
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/855115

Title:
  Unauthorized user can release floating_ips

Status in OpenStack Compute (Nova):
  In Progress

Bug description:
  EC2 commands which manipulate floating_ips do not check that the user
  is associated with the project to which the address belongs. For
  example, ReleaseAddress can be used by a user who is a netadmin in one
  project to release an address which has been allocated to a second
  project of which the user is not a member. (See EC2 comment in
  floating_ip_deallocate: # TODO (devcamcar): How to ensure floating id
  belongs to user)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/855115/+subscriptions