Previously, a tenant could plug an interface into another tenant's
router if he knew their router_id by creating a port with the correct
device_id and device_owner. This patch prevents this from occuring
by preventing non-admin users from creating ports with device_owner
network:router_interface with a device_id that matches another tenants router.
In addition, it prevents one from updating a ports device_owner and device_id
so that the device_id won't match another tenants router with device_owner
being network:router_interface.
NOTE: with this change it does open up the possiblity for a tenant to discover
router_id's of another tenant's by guessing them and updating a port till
a conflict occurs. That said, randomly guessing the router id would be hard
and in theory should not matter if exposed. We also need to allow a tenant
to update the device_id on network:router_interface ports as this would be
used for by anyone using a vm as a service router. This issue will be fixed in
another patch upstream as a db migration is required but since this needs
to be backported to all stable branches this is not possible.
NOTE: The only plugins affect by this are the ones that use the l3-agent.
NOTE: **One should perform and audit of the ports that are already
attached to routers after applying this patch and remove ports
that a tenant may have cross plugged.**
Closes-bug: #1243327
Conflicts:
neutron/common/exceptions.py
neutron/db/db_base_plugin_v2.py
Change-Id: I8bc6241f537d937e5729072dcc76871bf407cdb3
1faec8354a