Add a RBAC action field in the query hooks
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
In Progress
|
Low
|
Rodolfo Alonso |
Bug Description
Any Neutron resource (that is not only a single database table but a view, a combination of several tables), can register a set of hooks that will be used during the DB query creation [1]. These hooks include a query hook (to modify query depending on the database relationships), a filter hook (to add extra filtering steps to the final query) and a results filter hook (that could be used to join other tables with other dependencies).
This bug proposes to add an extra field to this hooks to be able to filter the RBAC actions. Some resources, like networks [2] and subnets [3], need to add an extra RBAC action "ACCESS_EXTERNAL" to the query filter. This is done now by adding again the same RBAC filter included in the ``query_
If instead of this, the ``query_
[1]https:/
[2]https:/
[3]https:/
[4]https:/
Changed in neutron: | |
importance: | Undecided → Low |
assignee: | nobody → Rodolfo Alonso (rodolfo-alonso-hernandez) |
Fix proposed to branch: master /review. opendev. org/c/openstack /neutron- lib/+/914473
Review: https:/