To help ourself to not forget updating RBAC rules when we land changes to existing functionality and new features we must enable SSL+RBAC on the `ovn-controller` <-> SB DB connection for builds with OpenSSL enabled.
The series is structured with one commit per table where RBAC rules are fixed for the C version and one summary commit to update the northd-ddlog implementation. Then there are a few fixes to existing tests before finally enabling SSL+RBAC for all tests. This should allow for easier backports back to series where the respective tables / features first appeared. A successful testrun can be viewed at [0], in addittion I have done local testing with ovn-northd-ddlog. 0: https://github.com/fnordahl/ovn/actions/runs/624324890 Frode Nordahl (9): northd: Amend RBAC rules for Port_Binding table northd: Add missing RBAC rules for FDB table northd: Amend Chassis RBAC rules northd: Add Controller_Event RBAC rules northd-ddlog: Update RBAC rules tests: Amend release stale port binding test for RBAC tests: Use ovn_start in tests/ovn-controller.at tests: Make certificate generation extendable tests: Test with SSL and RBAC for controller by default northd/ovn-northd.c | 31 ++++++++++++++++++++++-- northd/ovn_northd.dl | 24 +++++++++++++++++-- tests/automake.mk | 53 +++++++++++++++++++++-------------------- tests/ofproto-macros.at | 12 ++++++++++ tests/ovn-controller.at | 50 +++++++++++++++++++++++++++++++++----- tests/ovn-macros.at | 38 +++++++++++++++++++++++++++-- tests/ovn-northd.at | 6 ++--- tests/ovn.at | 50 +++++++++++++++++++------------------- 8 files changed, 198 insertions(+), 66 deletions(-) -- 2.30.0 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
