With new RBAC enabled (enforce_scope and enforce_new_defaults): 'router:external' field is missing in network list response
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
High
|
Slawek Kaplonski |
Bug Description
I was testing the tempest with the new RBAC enabled which means in neutron.conf enable the below options:
[oslo_policy]
enforce_scope = True
enforce_
Tempest external network tests doing the list network but 'router:external' field is missing in network list response
- https:/
policy defaults for 'router:external' seems fine
- https:/
But it seems enforce_scope is restricting it somewhere, is this check in context causing not to return it?
- https:/
We should not add system:all in neutron as system scope is not supported in neutron policy now.
Changed in neutron: | |
importance: | Undecided → High |
Changed in neutron: | |
assignee: | nobody → Slawek Kaplonski (slaweq) |
tags: | added: access-control |
Fix proposed to branch: master /review. opendev. org/c/openstack /neutron- lib/+/864809
Review: https:/