neutron

policy.json engine update_router:external_gateway_info

Bug #1186081 reported by Aaron Rosen on 2013-05-31

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Medium	Salvatore Orlando	neutron 2013.2 "havana"

Bug Description

It seems there is not a generic rule that enforces router-interface-add:

for example:
"add_router_interface": "rule: admin_or_network_owner",
"add_router_interface": "rule: admin_or_owner",

both prevent one from performing router-interface-add

Tags:

Revision history for this message

Aaron Rosen (arosen) wrote on 2013-05-31:

This also don't seem to be enforced: "update_router:external_gateway_info": "rule:admin_only", but update_router is

Revision history for this message

Aaron Rosen (arosen) wrote on 2013-05-31:

sorry router-interface-add/delete is enforced but:

"update_router:external_gateway_info": "rule:admin_only",

is not enforced.

summary:

- policy.json engine router-interface-add
+ policy.json engine update_router:external_gateway_info

Revision history for this message

Salvatore Orlando (salvatore-orlando) wrote on 2013-05-31:

Interesting. I will look into this.

Changed in quantum:
assignee:	nobody → Salvatore Orlando (salvatore-orlando)

Revision history for this message

Salvatore Orlando (salvatore-orlando) wrote on 2013-05-31:

that is easy. The attribute does not have enforce_policy=True.
fix coming.

Changed in quantum:
status:	New → Triaged
importance:	Undecided → Medium
milestone:	none → havana-2

Salvatore Orlando (salvatore-orlando) on 2013-05-31

tags:

added: api

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-05-31: Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/31229

Changed in quantum:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-06-16: Fix merged to quantum (master)

Reviewed: https://review.openstack.org/31229
Committed: http://github.com/openstack/quantum/commit/a9098d218836aa82dc07ba94156f0d553f2f87a7
Submitter: Jenkins
Branch: master

commit a9098d218836aa82dc07ba94156f0d553f2f87a7
Author: Salvatore Orlando <email address hidden>
Date: Fri May 31 17:28:35 2013 +0200

Enable attribute-based policy on router:external_gateway_info

Bug 1186081

    This patch also removes a check on is_write in policy.py since
    the code block where that check is placed assumed already that
    is_write == True

Change-Id: I21c54f63e1948675f67afb088c262dc5316c230d

Changed in quantum:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-07-17

Changed in neutron:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-10-17

Changed in neutron:
milestone:	havana-2 → 2013.2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.