external_gateway_info enable_snat attribute should be owner-modifiable
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Won't Fix
|
Low
|
Brian Haley |
Bug Description
Currently, policy.json restricts who can change the 'enable_snat' setting of a router. For example:
stack@18-
+------
| Field | Value |
+------
| external_
+------
stack@18-
HttpException: 403: Client Error for url: http://
I'm not sure there's a good reason the owner can't modify this, and looking back through the blueprints there was only a mention of it - "for instance a provider might want to restrict enable_snat to admin only users" - so it seems it was intended for the owner originally with the caveat that the admin could restrict if necessary.
This fix would be as simple as updating these two entries:
"create_
"update_
to have:
"rule:admin_
Perhaps there's something I'm missing, so will need to discuss with others to see if this should change.
Fix proposed to branch: master /review. openstack. org/603485
Review: https:/