Juniper Openstack

rbac: during restart, need to readd the default rbac rules if missing

Bug #1642464 reported by Senthilnathan Murugappan on 2016-11-17

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R3.1	Fix Committed	Low	Deepinder Setia	Juniper Openstack r3.1.3.0
R3.2	Fix Committed	Low	Deepinder Setia	Juniper Openstack r3.2.0.0-fcs "r3.2.0.0"
R4.0	Fix Committed	Low	Deepinder Setia	Juniper Openstack r4.0.1.0 "r4.0.1.0"
Trunk	Fix Committed	Low	Deepinder Setia	Juniper Openstack r4.1.0.0-fcs "r4.1"

Bug Description

Right now we check for the existence of the default acl object but we dont look for the default rules in the object. We should be recreating the rules if not found in the default acl.
Without which vnc_api library becomes unusable since we do the initial homepage fetch without the token during init of the client.

Tags:

Senthilnathan Murugappan (msenthil) on 2016-11-17

Changed in juniperopenstack:
importance:	Undecided → Medium
tags:	added: rbac

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-11-17: [Review update] R3.1

Review in progress for https://review.opencontrail.org/26249
Submitter: Deepinder Setia (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-12-01: [Review update] R3.2

Review in progress for https://review.opencontrail.org/26638
Submitter: Deepinder Setia (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-12-01:

Review in progress for https://review.opencontrail.org/26671
Submitter: Deepinder Setia (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-12-14: A change has been merged

Reviewed: https://review.opencontrail.org/26671
Committed: http://github.org/Juniper/contrail-controller/commit/2e9dfd7459ba62be68aa2b09b4718c178ef87049
Submitter: Zuul (<email address hidden>)
Branch: R3.2

commit 2e9dfd7459ba62be68aa2b09b4718c178ef87049
Author: Deepinder Setia <email address hidden>
Date: Thu Dec 1 11:28:28 2016 -0800

Ensure global system config object always has the default RBAC rules.
These rules allow access to whitelist objects/URL (such as documentatiuon
and /) without requiring authorization

Change-Id: I075c7a35ab35a099bce885686e6e8d41f5dd1caa
Closes-Bug: #1642464

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-06-23: [Review update] R4.0

#10

Review in progress for https://review.opencontrail.org/33136
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-06-23: [Review update] master

#12

Review in progress for https://review.opencontrail.org/33137
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-06-23: [Review update] R3.1

#14

Review in progress for https://review.opencontrail.org/33138
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-06-28: A change has been merged

#16

Reviewed: https://review.opencontrail.org/33138
Committed: http://github.com/Juniper/contrail-controller/commit/c62905aec8ef7b2b7519f1c500f0490357b5facd
Submitter: Zuul (<email address hidden>)
Branch: R3.1

commit c62905aec8ef7b2b7519f1c500f0490357b5facd
Author: Deepinder Setia <email address hidden>
Date: Thu Dec 1 11:28:28 2016 -0800

Ensure global system config object always has the default RBAC rules.
These rules allow access to whitelist objects/URL (such as documentatiuon
and /) without requiring authorization

Change-Id: I075c7a35ab35a099bce885686e6e8d41f5dd1caa
Closes-Bug: #1642464
(cherry picked from commit 2e9dfd7459ba62be68aa2b09b4718c178ef87049)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-06-28: [Review update] master

#17

Review in progress for https://review.opencontrail.org/33137
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-06-28: [Review update] R4.0

#19

Review in progress for https://review.opencontrail.org/33136
Submitter: Sachin Bansal (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-06-29: A change has been merged

#21

Reviewed: https://review.opencontrail.org/33136
Committed: http://github.com/Juniper/contrail-controller/commit/0dbe04ceac8f449ce530aa163f0f5c69bc33ad1d
Submitter: Zuul (<email address hidden>)
Branch: R4.0

commit 0dbe04ceac8f449ce530aa163f0f5c69bc33ad1d
Author: Deepinder Setia <email address hidden>
Date: Thu Dec 1 11:28:28 2016 -0800

Ensure global system config object always has the default RBAC rules.

These rules allow access to whitelist objects/URL (such as documentatiuon
and /) without requiring authorization

Change-Id: I075c7a35ab35a099bce885686e6e8d41f5dd1caa
Closes-Bug: #1642464
(cherry picked from commit 2e9dfd7459ba62be68aa2b09b4718c178ef87049)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-06-29:

#22

Reviewed: https://review.opencontrail.org/33137
Committed: http://github.com/Juniper/contrail-controller/commit/268ba66efe2b4a7df2b880e39d7c52e610e2d806
Submitter: Zuul (<email address hidden>)
Branch: master

commit 268ba66efe2b4a7df2b880e39d7c52e610e2d806
Author: Deepinder Setia <email address hidden>
Date: Thu Dec 1 11:28:28 2016 -0800

Ensure global system config object always has the default RBAC rules.

These rules allow access to whitelist objects/URL (such as documentatiuon
and /) without requiring authorization

Change-Id: I075c7a35ab35a099bce885686e6e8d41f5dd1caa
Closes-Bug: #1642464
(cherry picked from commit 2e9dfd7459ba62be68aa2b09b4718c178ef87049)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.