Reviewed: https://review.opendev.org/c/openstack/neutron/+/886724 Committed: https://opendev.org/openstack/neutron/commit/428f7a8418447e75d6a9245dbaf7ccc165579ec4 Submitter: "Zuul (22348)" Branch: master
commit 428f7a8418447e75d6a9245dbaf7ccc165579ec4 Author: Slawek Kaplonski <[email protected]> Date: Thu Jun 22 09:34:26 2023 +0200 [S-RBAC] Add service role in neutron policy RBAC community wide goal phase-2[1] is to add service role for the service APIs policy rule. This patch adds new "service_api" role in policies, deprecates old rule "context_is_advsvc" as this had basically same goal but for consistency reasons we want now to have it named "service_api" as in other policies for other projects. This patch also adds unit tests to ensure what is allowed and what is forbidden for the service role user. [1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-2 Closes-Bug: #2026182 Change-Id: Iaa1a3a491d310c2304f6500c6e5d2b9c31a72fa8 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/2026182 Title: Add support for the service role in neutron API policies Status in neutron: Fix Released Bug description: As part of the second phase of the community goal "Consistent and Secure Default RBAC" [1] we should implement in Neutron support for the "service" role which will be used for the APIs developed for the machines to communicate, like e.g. port binding APIs which are used by nova-compute service. Second step of this phase 2 implementation should be usage of that new service role in the APIs which are designed for such service to service communication. [1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-2 To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/2026182/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
