Reviewed: https://review.opendev.org/c/openstack/neutron/+/939624
Committed:
https://opendev.org/openstack/neutron/commit/27cbd9821e770170db02d8f669b36b72fe58dac8
Submitter: "Zuul (22348)"
Branch: master
commit 27cbd9821e770170db02d8f669b36b72fe58dac8
Author: Slawek Kaplonski <skapl...@redhat.com>
Date: Mon Jan 20 11:28:09 2025 +0100
Don't change original target dict by the OwnerCheck policy rule
OwnerCheck policy rule may create new field "parent_object:tenant_id",
like e.g. "network:tenant_id" in case of the port object to validate
NET_OWNER_RULE.
This new field should be just temporary and should not be added to the
target dict which is later returned by the API.
Closes-Bug: #2095323
Change-Id: I8bf022bef81249a2ddf21993654fece7337bebb0
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2095323
Title:
ADMIN_OR_NET_OWNER_{MEMBER|READER} rules adds "network:tenant_id" to
the final dict returned from the API
Status in neutron:
Fix Released
Bug description:
I spotted it while working on other bug and fix
https://review.opendev.org/c/openstack/neutron/+/938135 - when
ADMIN_OR_NET_OWNER_READER rule is used by the policy engine, it calls
neutron.policy.OwnerCheck rule and that rule is adding this new field
to the target dict in line
https://github.com/openstack/neutron/blob/7810cbd3b2213771ff7eefba3b4c3840d9bf7939/neutron/policy.py#L356
This then results in the field "network:tenant_id" to be included in
the final port's object returned through the API.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2095323/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
