Prevent spoofing instance_id from neutron to nova

Previously, one could update a port's device_id in neutron to be
that of another tenant's instance_id and then be able to retrieve
that instance's metadata. This patch prevents this from occurring by
checking that X-Tenant-ID received from the metadata request matches
the tenant_id in the nova database.

DocImpact - This patch is dependent on another patch in neutron
            which adds X-Tenant-ID to the request. Therefore to
            minimize downtime one should upgrade Neutron first (then
            restart neutron-metadata-agent) and lastly update nova.

Change-Id: I93bf662797c3986324ca2099b403833c2e990fb4
Closes-Bug: #1235450

0 files changed, 0 insertions, 0 deletions