Public bug reported: I was testing the tempest with the new RBAC enabled which means in neutron.conf enable the below options:
[oslo_policy] enforce_scope = True enforce_new_defaults = True https://zuul.opendev.org/t/openstack/build/e447385546c749f8b38bc4c411088dc1/log/controller/logs/etc/neutron/neutron_conf.txt#1928 Tempest external network tests doing the list network but 'router:external' field is missing in network list response - https://zuul.opendev.org/t/openstack/build/e447385546c749f8b38bc4c411088dc1/log/job- output.txt#23754 policy defaults for 'router:external' seems fine - https://github.com/openstack/neutron/blob/bf44e70db6219e7f3a45bd61b7dd14a31ae33bb0/neutron/conf/policies/network.py#L193 But it seems enforce_scope is restricting it somewhere, is this check in context causing not to return it? - https://github.com/openstack/neutron-lib/blob/9ecd5995b6c598cee931087bf13fdd166f404034/neutron_lib/context.py#L125 We should not add system:all in neutron as system scope is not supported in neutron policy now. ** Affects: neutron Importance: Undecided Status: In Progress -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1996836 Title: With new RBAC enabled (enforce_scope and enforce_new_defaults): 'router:external' field is missing in network list response Status in neutron: In Progress Bug description: I was testing the tempest with the new RBAC enabled which means in neutron.conf enable the below options: [oslo_policy] enforce_scope = True enforce_new_defaults = True https://zuul.opendev.org/t/openstack/build/e447385546c749f8b38bc4c411088dc1/log/controller/logs/etc/neutron/neutron_conf.txt#1928 Tempest external network tests doing the list network but 'router:external' field is missing in network list response - https://zuul.opendev.org/t/openstack/build/e447385546c749f8b38bc4c411088dc1/log/job- output.txt#23754 policy defaults for 'router:external' seems fine - https://github.com/openstack/neutron/blob/bf44e70db6219e7f3a45bd61b7dd14a31ae33bb0/neutron/conf/policies/network.py#L193 But it seems enforce_scope is restricting it somewhere, is this check in context causing not to return it? - https://github.com/openstack/neutron-lib/blob/9ecd5995b6c598cee931087bf13fdd166f404034/neutron_lib/context.py#L125 We should not add system:all in neutron as system scope is not supported in neutron policy now. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1996836/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
