On Tue, Mar 2, 2021 at 11:58 PM Ben Pfaff <[email protected]> wrote: > > On Tue, Mar 02, 2021 at 06:23:53PM +0100, Frode Nordahl wrote: > > When `ovn-controller` claims a virtual lport it will update the > > Port_Binding table with which chassis currently has claimed the > > port as well as recording information about the virtual parent > > lport [0]. > > > > The current RBAC rules does not allow for the latter which makes > > this operation fail. > > > > 0: > > https://github.com/ovn-org/ovn/blob/b7b0fbdab03ce8b39d5bdc114876e6b0d0683892/controller/pinctrl.c#L6150 > > Fixes: 054f4c85c ("Add a new logical switch port type - 'virtual'") > > Reported-At: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1917475 > > Signed-off-by: Frode Nordahl <[email protected]> > > --- > > northd/ovn-northd.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c > > index ac872aade..dd2c8e243 100644 > > --- a/northd/ovn-northd.c > > +++ b/northd/ovn-northd.c > > @@ -13251,7 +13251,7 @@ static const char *rbac_encap_update[] = > > static const char *rbac_port_binding_auth[] = > > {""}; > > static const char *rbac_port_binding_update[] = > > - {"chassis", "up"}; > > + {"chassis", "up", "virtual_parent"}; > > > > static const char *rbac_mac_binding_auth[] = > > {""}; > > Please fold in the following corresponding change to ovn-northd-ddlog: > > diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl > index 13bbe17c81da..a26555c0cb45 100644 > --- a/northd/ovn_northd.dl > +++ b/northd/ovn_northd.dl > @@ -1280,7 +1280,7 @@ sb::Out_RBAC_Permission ( > .table = "Port_Binding", > .authorization = set_singleton(""), > .insert_delete = false, > - .update = ["chassis", "up"].to_set() > + .update = ["chassis", "up", "virtual_parent"].to_set() > ).
Thanks. I was a few minutes late :). Numan > > sb::Out_RBAC_Permission ( > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
