On Fri, Mar 5, 2021 at 5:49 PM Frode Nordahl
<[email protected]> wrote:
>
> This patch summarizes a series of fixes to the C northd for missing
> or out of date RBAC rules and updates the DDlog version of Northd
> accordingly.
>
> Signed-off-by: Frode Nordahl <[email protected]>
Hi Frode,
Thanks for the patch series.
I applied the patches 1 to 5 of this series to master and backported
1-4 patches to
branch-21.03.
I have also backported some of the patches down to 20.03. I need to
apply a couple of
patches down to the 20.03 branch. I will do that in some time.
For the patches 6-9, I have not looked at them yet. I'd appreciate it
if others want to review them.
Thanks
Numan
> ---
> northd/ovn_northd.dl | 24 ++++++++++++++++++++++--
> 1 file changed, 22 insertions(+), 2 deletions(-)
>
> diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl
> index 4482cffc0..8bc6dd9f6 100644
> --- a/northd/ovn_northd.dl
> +++ b/northd/ovn_northd.dl
> @@ -1257,7 +1257,8 @@ sb::Out_RBAC_Permission (
> .authorization = set_singleton("name"),
> .insert_delete = true,
> .update = ["nb_cfg", "external_ids", "encaps",
> - "vtep_logical_switches", "other_config"].to_set()
> + "vtep_logical_switches", "other_config",
> + "transport_zones"].to_set()
> ).
>
> sb::Out_RBAC_Permission (
> @@ -1281,7 +1282,7 @@ sb::Out_RBAC_Permission (
> .table = "Port_Binding",
> .authorization = set_singleton(""),
> .insert_delete = false,
> - .update = ["chassis", "up"].to_set()
> + .update = ["chassis", "encap", "up", "virtual_parent"].to_set()
> ).
>
> sb::Out_RBAC_Permission (
> @@ -1308,6 +1309,23 @@ sb::Out_RBAC_Permission (
> .update = ["address", "chassis", "datapath", "ports"].to_set()
> ).
>
> +sb::Out_RBAC_Permission (
> + ._uuid = 128'h2e5cbf3d_26f6_4f8a_9926_d6f77f61654f,
> + .table = "Controller_Event",
> + .authorization = set_singleton(""),
> + .insert_delete = true,
> + .update = ["chassis", "event_info", "event_type",
> + "seq_num"].to_set()
> +).
> +
> +sb::Out_RBAC_Permission (
> + ._uuid = 128'hb70964fc_322f_4ae5_aee4_ff6afadcc126,
> + .table = "FDB",
> + .authorization = set_singleton(""),
> + .insert_delete = true,
> + .update = ["dp_key", "mac", "port_key"].to_set()
> +).
> +
> /*
> * RBAC_Role: fixed
> */
> @@ -1317,7 +1335,9 @@ sb::Out_RBAC_Role (
> .permissions = [
> "Chassis" -> 128'h7df3749a_1754_4a78_afa4_3abf526fe510,
> "Chassis_Private" -> 128'h07e623f7_137c_4a11_9084_3b3f89cb4a54,
> + "Controller_Event" -> 128'h2e5cbf3d_26f6_4f8a_9926_d6f77f61654f,
> "Encap" -> 128'h94bec860_431e_4d95_82e7_3b75d8997241,
> + "FDB" -> 128'hb70964fc_322f_4ae5_aee4_ff6afadcc126,
> "Port_Binding" -> 128'hd8ceff1a_2b11_48bd_802f_4a991aa4e908,
> "MAC_Binding" -> 128'h6ffdc696_8bfb_4d82_b620_a00d39270b2f,
> "Service_Monitor"-> 128'h39231c7e_4bf1_41d0_ada4_1d8a319c0da3]
> --
> 2.30.0
>
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
