)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"8d15620205bc9824d4f9f88d91c81d095d712d58","unresolved":false,"context_lines":[{"line_number":14,"context_line":"it."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Change-Id: I32e76a83443dd8e7d79b396499747f29b4762e92"},{"line_number":17,"context_line":"Closes-Bug: #1757482"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"5f7c97a3_528a831a","line":17,"updated":"2018-06-14 14:46:15.000000000","message":"Partial-Bug ?\n\nI see you noticed the partial bug as well, the _validate_router_port_info() code might need an update as well (i think that looks like the right place).","commit_id":"4f03333a0b51d27883563499d5784b7f4ef363a4"},{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"c428332843ef4a8b6213222e474ff8ce92f8ad02","unresolved":false,"context_lines":[{"line_number":14,"context_line":"it."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Change-Id: I32e76a83443dd8e7d79b396499747f29b4762e92"},{"line_number":17,"context_line":"Closes-Bug: #1757482"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"5f7c97a3_a26360dd","line":17,"in_reply_to":"5f7c97a3_528a831a","updated":"2018-06-15 23:20:22.000000000","message":"Next revision of this patch fixes to bug completely","commit_id":"4f03333a0b51d27883563499d5784b7f4ef363a4"}],"neutron/db/l3_db.py":[{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"8d15620205bc9824d4f9f88d91c81d095d712d58","unresolved":false,"context_lines":[{"line_number":791,"context_line":"        if subnet[\u0027project_id\u0027] !\u003d context.project_id and not context.is_admin:"},{"line_number":792,"context_line":"            msg \u003d (_(\u0027Cannot add interface to router because subnet %s is not \u0027"},{"line_number":793,"context_line":"                     \u0027owned by project making the request\u0027) % subnet_id)"},{"line_number":794,"context_line":"            raise n_exc.BadRequest(resource\u003d\u0027floatingip\u0027, msg\u003dmsg)"},{"line_number":795,"context_line":"        if (subnet[\u0027ip_version\u0027] \u003d\u003d 6 and subnet[\u0027ipv6_ra_mode\u0027] is None and"},{"line_number":796,"context_line":"                subnet[\u0027ipv6_address_mode\u0027] is not None):"},{"line_number":797,"context_line":"            msg \u003d (_(\u0027IPv6 subnet %s configured to receive RAs from an \u0027"}],"source_content_type":"text/x-python","patch_set":1,"id":"5f7c97a3_123deb8c","line":794,"range":{"start_line":794,"start_character":45,"end_line":794,"end_character":55},"updated":"2018-06-14 14:46:15.000000000","message":"s/router","commit_id":"4f03333a0b51d27883563499d5784b7f4ef363a4"},{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"c428332843ef4a8b6213222e474ff8ce92f8ad02","unresolved":false,"context_lines":[{"line_number":791,"context_line":"        if subnet[\u0027project_id\u0027] !\u003d context.project_id and not context.is_admin:"},{"line_number":792,"context_line":"            msg \u003d (_(\u0027Cannot add interface to router because subnet %s is not \u0027"},{"line_number":793,"context_line":"                     \u0027owned by project making the request\u0027) % subnet_id)"},{"line_number":794,"context_line":"            raise n_exc.BadRequest(resource\u003d\u0027floatingip\u0027, msg\u003dmsg)"},{"line_number":795,"context_line":"        if (subnet[\u0027ip_version\u0027] \u003d\u003d 6 and subnet[\u0027ipv6_ra_mode\u0027] is None and"},{"line_number":796,"context_line":"                subnet[\u0027ipv6_address_mode\u0027] is not None):"},{"line_number":797,"context_line":"            msg \u003d (_(\u0027IPv6 subnet %s configured to receive RAs from an \u0027"}],"source_content_type":"text/x-python","patch_set":1,"id":"5f7c97a3_4247ec4d","line":794,"range":{"start_line":794,"start_character":45,"end_line":794,"end_character":55},"in_reply_to":"5f7c97a3_123deb8c","updated":"2018-06-15 23:20:22.000000000","message":"Done","commit_id":"4f03333a0b51d27883563499d5784b7f4ef363a4"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"c1e4b4c8ca30582ea4d09b3acf4edea7bb2d26b4","unresolved":false,"context_lines":[{"line_number":704,"context_line":"                              for fix_ip in port[\u0027fixed_ips\u0027]]:"},{"line_number":705,"context_line":"            if (ip not in subnets_by_id[subnet_id][0] and"},{"line_number":706,"context_line":"                    context.project_id !\u003d subnets_by_id[subnet_id][1] and"},{"line_number":707,"context_line":"                    not context.is_admin):"},{"line_number":708,"context_line":"                msg \u003d (_(\u0027Cannot add interface to router because specified \u0027"},{"line_number":709,"context_line":"                         \u0027port has an IP address out of the allocation pool \u0027"},{"line_number":710,"context_line":"                         \u0027of subnet %s, which is not owned by the project \u0027"}],"source_content_type":"text/x-python","patch_set":2,"id":"5f7c97a3_0fcd50b6","line":707,"updated":"2018-06-20 08:33:14.000000000","message":"Maybe You can move checking if context is admin at the beginning and in such case avoid this all loops and checks?\nSo it would be something like:\n\n    if context.is_admin:\n        return\n\nat the beginning of this method","commit_id":"72b8e7f90e464924f8d9267966276e0d93ac4830"},{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"a1bfc4443733693d25b885c4e9d0c1338a8f0238","unresolved":false,"context_lines":[{"line_number":704,"context_line":"                              for fix_ip in port[\u0027fixed_ips\u0027]]:"},{"line_number":705,"context_line":"            if (ip not in subnets_by_id[subnet_id][0] and"},{"line_number":706,"context_line":"                    context.project_id !\u003d subnets_by_id[subnet_id][1] and"},{"line_number":707,"context_line":"                    not context.is_admin):"},{"line_number":708,"context_line":"                msg \u003d (_(\u0027Cannot add interface to router because specified \u0027"},{"line_number":709,"context_line":"                         \u0027port has an IP address out of the allocation pool \u0027"},{"line_number":710,"context_line":"                         \u0027of subnet %s, which is not owned by the project \u0027"}],"source_content_type":"text/x-python","patch_set":2,"id":"5f7c97a3_0e1b0880","line":707,"in_reply_to":"5f7c97a3_0fcd50b6","updated":"2018-06-20 19:21:34.000000000","message":"Good suggestion!","commit_id":"72b8e7f90e464924f8d9267966276e0d93ac4830"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"c1e4b4c8ca30582ea4d09b3acf4edea7bb2d26b4","unresolved":false,"context_lines":[{"line_number":706,"context_line":"                    context.project_id !\u003d subnets_by_id[subnet_id][1] and"},{"line_number":707,"context_line":"                    not context.is_admin):"},{"line_number":708,"context_line":"                msg \u003d (_(\u0027Cannot add interface to router because specified \u0027"},{"line_number":709,"context_line":"                         \u0027port has an IP address out of the allocation pool \u0027"},{"line_number":710,"context_line":"                         \u0027of subnet %s, which is not owned by the project \u0027"},{"line_number":711,"context_line":"                         \u0027making the request\u0027) % subnet_id)"},{"line_number":712,"context_line":"                raise n_exc.BadRequest(resource\u003d\u0027router\u0027, msg\u003dmsg)"}],"source_content_type":"text/x-python","patch_set":2,"id":"5f7c97a3_8fb88011","line":709,"range":{"start_line":709,"start_character":30,"end_line":709,"end_character":31},"updated":"2018-06-20 08:33:14.000000000","message":"maybe would be useful to add port_id here?","commit_id":"72b8e7f90e464924f8d9267966276e0d93ac4830"},{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"a1bfc4443733693d25b885c4e9d0c1338a8f0238","unresolved":false,"context_lines":[{"line_number":706,"context_line":"                    context.project_id !\u003d subnets_by_id[subnet_id][1] and"},{"line_number":707,"context_line":"                    not context.is_admin):"},{"line_number":708,"context_line":"                msg \u003d (_(\u0027Cannot add interface to router because specified \u0027"},{"line_number":709,"context_line":"                         \u0027port has an IP address out of the allocation pool \u0027"},{"line_number":710,"context_line":"                         \u0027of subnet %s, which is not owned by the project \u0027"},{"line_number":711,"context_line":"                         \u0027making the request\u0027) % subnet_id)"},{"line_number":712,"context_line":"                raise n_exc.BadRequest(resource\u003d\u0027router\u0027, msg\u003dmsg)"}],"source_content_type":"text/x-python","patch_set":2,"id":"5f7c97a3_87061b21","line":709,"range":{"start_line":709,"start_character":30,"end_line":709,"end_character":31},"in_reply_to":"5f7c97a3_8fb88011","updated":"2018-06-20 19:21:34.000000000","message":"Done","commit_id":"72b8e7f90e464924f8d9267966276e0d93ac4830"},{"author":{"_account_id":15309,"name":"zhaobo","email":"bzhaojyathousandy@gmail.com","username":"ZhaoBo"},"change_message_id":"cc9d380a840bd8f054b76f99fd349fae60658339","unresolved":false,"context_lines":[{"line_number":709,"context_line":"                msg \u003d (_(\u0027Cannot add interface to router because specified \u0027"},{"line_number":710,"context_line":"                         \u0027port %s has an IP address out of the allocation \u0027"},{"line_number":711,"context_line":"                         \u0027pool of subnet %s, which is not owned by the \u0027"},{"line_number":712,"context_line":"                         \u0027project making the request\u0027) %"},{"line_number":713,"context_line":"                       (port[\u0027id\u0027], subnet_id,))"},{"line_number":714,"context_line":"                raise n_exc.BadRequest(resource\u003d\u0027router\u0027, msg\u003dmsg)"},{"line_number":715,"context_line":""},{"line_number":716,"context_line":"    def _validate_router_port_info(self, context, router, port_id):"}],"source_content_type":"text/x-python","patch_set":3,"id":"5f7c97a3_2edcbbdf","line":713,"range":{"start_line":712,"start_character":0,"end_line":713,"end_character":48},"updated":"2018-06-21 02:50:56.000000000","message":"Here hit the pep8 error, Multiple positional placeholders. I think you can make it like L730-732","commit_id":"85d40aeb60a90fbdf50d5f2888b7d752699cc852"},{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"db44fcc5144d4451c84a23fdaa512ca58df43074","unresolved":false,"context_lines":[{"line_number":709,"context_line":"                msg \u003d (_(\u0027Cannot add interface to router because specified \u0027"},{"line_number":710,"context_line":"                         \u0027port %s has an IP address out of the allocation \u0027"},{"line_number":711,"context_line":"                         \u0027pool of subnet %s, which is not owned by the \u0027"},{"line_number":712,"context_line":"                         \u0027project making the request\u0027) %"},{"line_number":713,"context_line":"                       (port[\u0027id\u0027], subnet_id,))"},{"line_number":714,"context_line":"                raise n_exc.BadRequest(resource\u003d\u0027router\u0027, msg\u003dmsg)"},{"line_number":715,"context_line":""},{"line_number":716,"context_line":"    def _validate_router_port_info(self, context, router, port_id):"}],"source_content_type":"text/x-python","patch_set":3,"id":"5f7c97a3_f49e96b6","line":713,"range":{"start_line":712,"start_character":0,"end_line":713,"end_character":48},"in_reply_to":"5f7c97a3_2edcbbdf","updated":"2018-06-21 04:43:15.000000000","message":"Thanks! Done","commit_id":"85d40aeb60a90fbdf50d5f2888b7d752699cc852"},{"author":{"_account_id":27654,"name":"Hongbin Lu","email":"kira034@163.com","username":"hongbin.lu"},"change_message_id":"cb9f1e5afbb9dfc9c0af9f09216a748caf4ca7a9","unresolved":false,"context_lines":[{"line_number":748,"context_line":"                msg \u003d _(\"Cannot have multiple \""},{"line_number":749,"context_line":"                        \"IPv4 subnets on router port\")"},{"line_number":750,"context_line":"                raise n_exc.BadRequest(resource\u003d\u0027router\u0027, msg\u003dmsg)"},{"line_number":751,"context_line":"            self._validate_port_in_range_or_admin(context, subnets, port)"},{"line_number":752,"context_line":"            return port, subnets"},{"line_number":753,"context_line":""},{"line_number":754,"context_line":"    def _notify_attaching_interface(self, context, router_db, port,"}],"source_content_type":"text/x-python","patch_set":5,"id":"5f7c97a3_bc3eb2b6","line":751,"range":{"start_line":751,"start_character":17,"end_line":751,"end_character":49},"updated":"2018-07-04 22:18:49.000000000","message":"Perhaps it is better to move this check to port_create? IMHO, neutron should disallow non-admin users to create an out-of-range port from a subnet that belongs to admin tenant.","commit_id":"54aa6e81cb17b33ce4d5d469cc11dec2869c762d"},{"author":{"_account_id":27654,"name":"Hongbin Lu","email":"kira034@163.com","username":"hongbin.lu"},"change_message_id":"3610a5067d96b3059432a164a6c4b276cccd4dc3","unresolved":false,"context_lines":[{"line_number":748,"context_line":"                msg \u003d _(\"Cannot have multiple \""},{"line_number":749,"context_line":"                        \"IPv4 subnets on router port\")"},{"line_number":750,"context_line":"                raise n_exc.BadRequest(resource\u003d\u0027router\u0027, msg\u003dmsg)"},{"line_number":751,"context_line":"            self._validate_port_in_range_or_admin(context, subnets, port)"},{"line_number":752,"context_line":"            return port, subnets"},{"line_number":753,"context_line":""},{"line_number":754,"context_line":"    def _notify_attaching_interface(self, context, router_db, port,"}],"source_content_type":"text/x-python","patch_set":5,"id":"5f7c97a3_e982e251","line":751,"range":{"start_line":751,"start_character":17,"end_line":751,"end_character":49},"in_reply_to":"5f7c97a3_2e5ea012","updated":"2018-07-09 17:32:39.000000000","message":"@Migual,\n\nThanks for your insightful response. Agree with you that we can start a separate conversation about that.","commit_id":"54aa6e81cb17b33ce4d5d469cc11dec2869c762d"},{"author":{"_account_id":27654,"name":"Hongbin Lu","email":"kira034@163.com","username":"hongbin.lu"},"change_message_id":"c4ba808cb848249136dc67cdb4c9382a5cc8ac1d","unresolved":false,"context_lines":[{"line_number":748,"context_line":"                msg \u003d _(\"Cannot have multiple \""},{"line_number":749,"context_line":"                        \"IPv4 subnets on router port\")"},{"line_number":750,"context_line":"                raise n_exc.BadRequest(resource\u003d\u0027router\u0027, msg\u003dmsg)"},{"line_number":751,"context_line":"            self._validate_port_in_range_or_admin(context, subnets, port)"},{"line_number":752,"context_line":"            return port, subnets"},{"line_number":753,"context_line":""},{"line_number":754,"context_line":"    def _notify_attaching_interface(self, context, router_db, port,"}],"source_content_type":"text/x-python","patch_set":5,"id":"5f7c97a3_d5cb4147","line":751,"range":{"start_line":751,"start_character":17,"end_line":751,"end_character":49},"in_reply_to":"5f7c97a3_bc3eb2b6","updated":"2018-07-05 04:28:32.000000000","message":"Actually, it might be an issue if such validation is not performed on port_create. I suspect the same issue will happen if a user performs the following steps:\n\n* Create an out-of-range port (with ip-address set to the gateway\u0027s IP) on a shared external network.\n* Create a VM with that port.\n\nThen, the VM will become the gateway of the public external network?","commit_id":"54aa6e81cb17b33ce4d5d469cc11dec2869c762d"},{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"1cdc43a01c83263804cb192fe0bc0f487f78ed3f","unresolved":false,"context_lines":[{"line_number":748,"context_line":"                msg \u003d _(\"Cannot have multiple \""},{"line_number":749,"context_line":"                        \"IPv4 subnets on router port\")"},{"line_number":750,"context_line":"                raise n_exc.BadRequest(resource\u003d\u0027router\u0027, msg\u003dmsg)"},{"line_number":751,"context_line":"            self._validate_port_in_range_or_admin(context, subnets, port)"},{"line_number":752,"context_line":"            return port, subnets"},{"line_number":753,"context_line":""},{"line_number":754,"context_line":"    def _notify_attaching_interface(self, context, router_db, port,"}],"source_content_type":"text/x-python","patch_set":5,"id":"5f7c97a3_2e5ea012","line":751,"range":{"start_line":751,"start_character":17,"end_line":751,"end_character":49},"in_reply_to":"5f7c97a3_d5cb4147","updated":"2018-07-09 16:58:10.000000000","message":"This is what I think:\n\n1) It is perfectly valid to create a port with an ip address outside the allocation pools, as long as it is within the subnet\u0027s cidr\n\n2) In this patch we are trying to fix  https://bugs.launchpad.net/neutron/+bug/1757482, where the port out of the allocation pool maps to a physical provider router, because we are talking about external provider networks. In this case, we know problems are being created to living / breathing users\n\n3) In my opinion it is debatable whether we should restrict the case you describe. It is possible that there are use cases out there where a network is shared by several tenants and the network doesn\u0027t map to a provider network. Should we restrict them from allocating IPs out of the allocation pools? Maybe, but at this point nobody has complained about it\n\nI propose that we move ahead and fix the issue that we have at hand (https://bugs.launchpad.net/neutron/+bug/1757482). If you or other reviewers feel strongly about the potential problem you describe, we can start a separate conversation","commit_id":"54aa6e81cb17b33ce4d5d469cc11dec2869c762d"}],"neutron/tests/unit/extensions/test_l3.py":[{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"c1e4b4c8ca30582ea4d09b3acf4edea7bb2d26b4","unresolved":false,"context_lines":[{"line_number":1288,"context_line":"                     self.subnet(network\u003dn, cidr\u003d\u0027fd00::/64\u0027,"},{"line_number":1289,"context_line":"                                 ip_version\u003d6)) as s3, ("},{"line_number":1290,"context_line":"                     self.subnet(network\u003dn, cidr\u003d\u0027fd01::/64\u0027,"},{"line_number":1291,"context_line":"                                 ip_version\u003d6)) as s2:"},{"line_number":1292,"context_line":"                    fixed_ips \u003d [{\u0027subnet_id\u0027: s1[\u0027subnet\u0027][\u0027id\u0027]},"},{"line_number":1293,"context_line":"                                 {\u0027subnet_id\u0027: s2[\u0027subnet\u0027][\u0027id\u0027]},"},{"line_number":1294,"context_line":"                                 {\u0027subnet_id\u0027: s3[\u0027subnet\u0027][\u0027id\u0027]}]"}],"source_content_type":"text/x-python","patch_set":2,"id":"5f7c97a3_6f6ba484","line":1291,"range":{"start_line":1291,"start_character":51,"end_line":1291,"end_character":53},"updated":"2018-06-20 08:33:14.000000000","message":"nitty nit: why \"s3\" is before \"s2\"? It\u0027s not a problem for me but I\u0027m just curious :)","commit_id":"72b8e7f90e464924f8d9267966276e0d93ac4830"},{"author":{"_account_id":4694,"name":"Miguel Lavalle","email":"miguel@mlavalle.com","username":"minsel"},"change_message_id":"a1bfc4443733693d25b885c4e9d0c1338a8f0238","unresolved":false,"context_lines":[{"line_number":1288,"context_line":"                     self.subnet(network\u003dn, cidr\u003d\u0027fd00::/64\u0027,"},{"line_number":1289,"context_line":"                                 ip_version\u003d6)) as s3, ("},{"line_number":1290,"context_line":"                     self.subnet(network\u003dn, cidr\u003d\u0027fd01::/64\u0027,"},{"line_number":1291,"context_line":"                                 ip_version\u003d6)) as s2:"},{"line_number":1292,"context_line":"                    fixed_ips \u003d [{\u0027subnet_id\u0027: s1[\u0027subnet\u0027][\u0027id\u0027]},"},{"line_number":1293,"context_line":"                                 {\u0027subnet_id\u0027: s2[\u0027subnet\u0027][\u0027id\u0027]},"},{"line_number":1294,"context_line":"                                 {\u0027subnet_id\u0027: s3[\u0027subnet\u0027][\u0027id\u0027]}]"}],"source_content_type":"text/x-python","patch_set":2,"id":"5f7c97a3_91909d98","line":1291,"range":{"start_line":1291,"start_character":51,"end_line":1291,"end_character":53},"in_reply_to":"5f7c97a3_6f6ba484","updated":"2018-06-20 19:21:34.000000000","message":"It was an error. Fixed. Same for L1309 and L1311 below","commit_id":"72b8e7f90e464924f8d9267966276e0d93ac4830"}]}