Reviewed: https://review.opendev.org/c/openstack/neutron/+/882414
Committed:
https://opendev.org/openstack/neutron/commit/01de74dedfdc306b0331aae4f970f0c5bca5cb48
Submitter: "Zuul (22348)"
Branch: master
commit 01de74dedfdc306b0331aae4f970f0c5bca5cb48
Author: Rodolfo Alonso Hernandez <ralon...@redhat.com>
Date: Fri May 5 13:13:16 2023 +0200
[S-RBAC] Get QoS rule types API available for READER role
API call "get_rule_types" should be available in new policies for
all users with READER role as this is kind of the same what was in the
old policies (ANY).
Depends-On:
https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/882818
Closes-Bug: #2018585
Change-Id: I8281bd8a902bcaba1187565e9610d598e4ebc254
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2018585
Title:
[SRBAC]New policies change the behavior for check rule type
Status in neutron:
Fix Released
Bug description:
Example commandd affected: openstack network qos rule type list
Several qos test case are skipped due to this chanmge beahavior
because:
(Pdb) p cls.os_tempest.network_client
│
*** AttributeError: 'Manager' object has no attribute 'network_client'
│
(Pdb) ll
│
858 -> @classmethod
│
859 def get_supported_qos_rule_types(cls):
│
860 body = cls.client.list_qos_rule_types()
│
861 return [rule_type['type'] for rule_type in
body['rule_types']]
│
(Pdb) cls.client.list_qos_rule_types()
│
{'rule_types': []}
│
(Pdb)
old behavior rule Any:
policy.DocumentedRuleDefault(
name='get_rule_type',
check_str=base.ADMIN,
scope_types=['project'],
description='Get available QoS rule types',
operations=[
{
'method': 'GET',
'path': '/qos/rule-types',
},
{
'method': 'GET',
'path': '/qos/rule-types/{rule_type}',
},
],
deprecated_rule=policy.DeprecatedRule(
name='get_rule_type',
check_str=neutron_policy.RULE_ANY,
deprecated_reason=DEPRECATED_REASON,
deprecated_since=versionutils.deprecated.WALLABY)
),
New :
https://github.com/openstack/neutron/commit/f1541f29152a75df4efc5b5d53f426a362286ff6#diff-d0398e566a536eb5f27118bf5[…]621369660a13c502b8ae934b043R99
initially it was done correctly
https://github.com/openstack/neutron/commit/c4618857b0249535eeed28f0c7a0abf5dbdbc9d0#diff-d0398e566a536eb5f27118bf5[…]9e8621369660a13c502b8ae934b043
later it was done for SYSTEM_READER but then we dropped system scope
it should be ROLE:READER I guess to match old behaviour
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2018585/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
