The recently added FDB table did not get its RBAC rules which
would prohibit a `ovn-controller` from updating it with RBAC
enabled.
Fixes: 6ec3b1259 ("MAC learning: Add a new FDB table in southbound db")
Signed-off-by: Frode Nordahl <[email protected]>
---
northd/ovn-northd.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index bafcb51e9..bb8f3032c 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -13248,6 +13248,11 @@ static const char *rbac_encap_auth[] =
static const char *rbac_encap_update[] =
{"type", "options", "ip"};
+static const char *rbac_fdb_auth[] =
+ {""};
+static const char *rbac_fdb_update[] =
+ {"dp_key", "mac", "port_key"};
+
static const char *rbac_port_binding_auth[] =
{""};
static const char *rbac_port_binding_update[] =
@@ -13300,6 +13305,14 @@ static struct rbac_perm_cfg {
.update = rbac_encap_update,
.n_update = ARRAY_SIZE(rbac_encap_update),
.row = NULL
+ },{
+ .table = "FDB",
+ .auth = rbac_fdb_auth,
+ .n_auth = ARRAY_SIZE(rbac_fdb_auth),
+ .insdel = true,
+ .update = rbac_fdb_update,
+ .n_update = ARRAY_SIZE(rbac_fdb_update),
+ .row = NULL
},{
.table = "Port_Binding",
.auth = rbac_port_binding_auth,
--
2.30.0
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
