Reviewed: https://review.opendev.org/c/openstack/neutron/+/915370 Committed: https://opendev.org/openstack/neutron/commit/f22f7ae012e75b34051945fcac29f955861896ab Submitter: "Zuul (22348)" Branch: master
commit f22f7ae012e75b34051945fcac29f955861896ab Author: Rodolfo Alonso Hernandez <[email protected]> Date: Mon Apr 8 22:19:50 2024 +0000 Use the RBAC actions field for "network" and "subnet" Since [1], it is possible to define a set of RBAC actions to filter the model query. For "network" and "subnet" models, it is needed to add the RBAC action "access_as_external" to the query. Instead of adding an additional filter (as is now), this patch replaces the default RBAC actions used in the model query, adding this extra one. The neutron-lib library is bumped to version 3.14.0. [1]https://review.opendev.org/c/openstack/neutron-lib/+/914473 Closes-Bug: #2059236 Change-Id: Ie3e77e2f812bd5cddf1971bc456854866843d4f3 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/2059236 Title: Add a RBAC action field in the query hooks Status in neutron: Fix Released Bug description: Any Neutron resource (that is not only a single database table but a view, a combination of several tables), can register a set of hooks that will be used during the DB query creation [1]. These hooks include a query hook (to modify query depending on the database relationships), a filter hook (to add extra filtering steps to the final query) and a results filter hook (that could be used to join other tables with other dependencies). This bug proposes to add an extra field to this hooks to be able to filter the RBAC actions. Some resources, like networks [2] and subnets [3], need to add an extra RBAC action "ACCESS_EXTERNAL" to the query filter. This is done now by adding again the same RBAC filter included in the ``query_with_hooks`` [4] but with the "ACCESS_EXTERNAL" action. If instead of this, the ``query_with_hooks`` can include a configurable set of RBAC actions, the result query could be shorter, less complex and faster. [1]https://github.com/openstack/neutron-lib/blob/625ae19e29758da98c5dd8c9ce03962840a87949/neutron_lib/db/model_query.py#L86-L90 [2]https://github.com/openstack/neutron/blob/bcf1f707bc9169e8f701613214516e97f039d730/neutron/db/external_net_db.py#L75-L80 [3]https://review.opendev.org/c/openstack/neutron/+/907313/15/neutron/db/external_net_db.py [4]https://github.com/openstack/neutron-lib/blob/625ae19e29758da98c5dd8c9ce03962840a87949/neutron_lib/db/model_query.py#L127-L132 To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/2059236/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
