Reviewed: https://review.opendev.org/c/openstack/neutron/+/882688
Committed: https://opendev.org/openstack/neutron/commit/be0dc09d52efd5e7236a33be552edb6644371cd0
Submitter: "Zuul (22348)"
Branch: master

commit be0dc09d52efd5e7236a33be552edb6644371cd0
Author: Slawek Kaplonski <skapl...@redhat.com>
Date: Tue May 9 12:28:03 2023 +0200

  [S-RBAC] Fix new policies for get QoS rules APIs

  During transition to the new secure RBAC API policies, we made a mistake
  with policies for QoS rules by defining them to be available for
  ADMIN_OR_PROJECT_READER.
  This can't be like that as QoS rules don't have a tenant_id attribute
  and always belong to the owner of the QoS policy.

  To fix that, this patch introduces new rules:

  ADMIN_OR_PARENT_OWNER_READER
  ADMIN_OR_PARENT_OWNER_MEMBER

  and uses those in the QoS rules APIs.

  Closes-Bug: #2018727
  Change-Id: I522aeab5094b3f4854303d5e18f3abf6130fb33c

** Changed in: neutron
   Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/2018727

Title:
  [SRBAC] API policies for get_policy_*_rule are wrong

Status in neutron:
  Fix Released

Bug description:
  With the new defaults, policies for get QoS rules are set to
  ADMIN_OR_PROJECT_READER, but that's wrong as rules don't have an owner.
  Those API rules should always be based on the parent owner (qos_policy).

  Those tests are currently skipped in our CI job
  neutron-tempest-plugin-openvswitch-enforce-scope-new-defaults due to
  another bug (https://bugs.launchpad.net/neutron/+bug/2018585).