Public bug reported: I use neutron 2023.2 and try to configure custom rule for policy:
update_network_tags Default value is : update_network_tags: "rule:admin_only or role:member and project_id:%(project_id)s" I try to use fields check (for example prohibit updating tags for shared networks): update_network_tags: "rule:admin_only or (role:member and project_id:%(project_id)s and field:networks:shared=False)" However it leads to constant 403 Forbidden answer for user with rile member. It looks like "target" dictionary has not enough information for specified resource: https://github.com/openstack/neutron/blob/master/neutron/extensions/tagging.py#L142 Moreover the same issue (missed resource fields in "target") is relevant for other tagging policies, like subnet, port, router, floatingip. ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/2091493 Title: Field check does not work for tagging policies Status in neutron: New Bug description: I use neutron 2023.2 and try to configure custom rule for policy: update_network_tags Default value is : update_network_tags: "rule:admin_only or role:member and project_id:%(project_id)s" I try to use fields check (for example prohibit updating tags for shared networks): update_network_tags: "rule:admin_only or (role:member and project_id:%(project_id)s and field:networks:shared=False)" However it leads to constant 403 Forbidden answer for user with rile member. It looks like "target" dictionary has not enough information for specified resource: https://github.com/openstack/neutron/blob/master/neutron/extensions/tagging.py#L142 Moreover the same issue (missed resource fields in "target") is relevant for other tagging policies, like subnet, port, router, floatingip. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/2091493/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
