If an OVN deployment has OVN RBAC enabled for the southbound
database, enabling BFD leads to permission errors.

The data in the entries in the BFD table do not belong to any
given chassis and no column can provide authentication, but the
rules still need to be there for successful operation.

Fixes: 117203584d98 ("controller: introduce BFD tx path in ovn-controller.")
Reported-at: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1995771
Signed-off-by: Frode Nordahl <[email protected]>
---
 northd/ovn-northd.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 965353cd7..82d2874d6 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -125,6 +125,10 @@ static const char *rbac_igmp_group_auth[] =
     {""};
 static const char *rbac_igmp_group_update[] =
     {"address", "chassis", "datapath", "ports"};
+static const char *rbac_bfd_auth[] =
+    {""};
+static const char *rbac_bfd_update[] =
+    {"status"};
 
 static struct rbac_perm_cfg {
     const char *table;
@@ -207,6 +211,14 @@ static struct rbac_perm_cfg {
         .update = rbac_igmp_group_update,
         .n_update = ARRAY_SIZE(rbac_igmp_group_update),
         .row = NULL
+    },{
+        .table = "BFD",
+        .auth = rbac_bfd_auth,
+        .n_auth = ARRAY_SIZE(rbac_bfd_auth),
+        .insdel = false,
+        .update = rbac_bfd_update,
+        .n_update = ARRAY_SIZE(rbac_bfd_update),
+        .row = NULL
     },{
         .table = NULL,
         .auth = NULL,
-- 
2.37.2
