Incorrect policy check for update/create port fixed_ips ip_address attribute
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | Expired | Undecided | Unassigned |
Bug Description
The two Patrole test cases below have helped me identify that Neutron is
incorrectly performing the policy check for creating/updating the
fixed ip_address on a port.
patrole_
test_create_
patrole_
test_update_
The policy.json file has two rules for the fixed IP addresses:
"create_
"update_
The problem is that these two rules are not enforced within the Neutron
code. Instead, the older "create_
rules are enforced; these older rules are no longer in the policy.json file.
tags: added: access-control
tags: added: ap
tags: added: api removed: ap
Thanks for reporting the issue. That said, I am struggling to understand what you mean. What older rules are you referring to? [1,2] are indeed in master. Can you point to a failure of the Patrole test? We probably do not have a Tempest API test that covers that.
[1] https://github.com/openstack/neutron/blob/master/etc/policy.json#L76
[2] https://github.com/openstack/neutron/blob/master/etc/policy.json#L92