Reviewed: https://review.opendev.org/c/openstack/neutron/+/947003
Committed:
https://opendev.org/openstack/neutron/commit/c981cfd658e5a75d87f1cd635bcd39b551945e7b
Submitter: "Zuul (22348)"
Branch: master
commit c981cfd658e5a75d87f1cd635bcd39b551945e7b
Author: Tobias Urdin <tobias.ur...@binero.com>
Date: Fri Apr 11 16:13:21 2025 +0200
Allow service role to create/update port device_id
The ``device_id`` field on ports is used by other
OpenStack projects to save what resource is using
a port and for these OpenStack projects to support
the Secure RBAC community goal they need to be
able to update this field.
This is required for OpenStack projects such as
Nova that tracks instance UUID in device_id on
a port and Octavia that also uses the device_id
field.
This allows the ``service`` role to update the
device_id field and doesn't touch any existing
policies that already exist for the field.
Related-Bug: #2105502
Closes-Bug: #2107039
Change-Id: I227416a7420412a39e450352915eff5967172c64
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2107039
Title:
create/update on a port's device_id must be allowed for service role
Status in neutron:
Fix Released
Bug description:
The service role needs to be allowed to create/update the device_id on
a neutron port so that other OpenStack projects that update this field
is allowed to when only having the service role, this is required to
fully support the secure RBAC community goal.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2107039/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
