Comment 13 for bug 1031473

re-triage analysis.

This could be sorted out in two ways.
1) Make the fields admin_only and fix nova.network.neutronv2.api.API in order to perform the port_update operation needed when a neutron port is passed to create server with admin context.

This is simple, but will look weird and violate the principle of performing port create operations within tenant context

2) Enforce a policy where device_id and device_owner can be updated only if they're empty. Once set, they can be updated only with admin context. This is easy to enforce by hardcoding in db_plugin, but harder to perform in an orthogonal way using the policy engine. I have tried using the field check to authorize only when tenant_id is the owner of the port and device_id is empty, but the policy is enforced on the resource with the updated attributes. the solution would involve the policy engine retrieving a context and performing a query, which sounds expensive.

If we feel we need to fix this, I can probably extend the policy engine to pass both the original and the modified target.
Otherwise let's leave this bug untargeted.