Regular user can remove qos from a port despite the policy
Bug #1957175 reported by
Alexander Shishebarov
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
High
|
yatin |
Bug Description
We use neutron stable/stein release with ml2/ovs plugin.
From the admin role, we assign qos policy with bandwidth limit to the ports of virtual machines.
In oslo policies, we forbid users to change this qos.
"update_
But users, despite the policy can remove the qos from the ports by entering the command
openstack port unset <port_id> --qos-policy
This happens because in qos api definition (neutron_lib) for port does not set "enforce_policy" flag.
https:/
Is this done on purpose by neutron api design or is it a bug?
description: | updated |
description: | updated |
description: | updated |
Changed in neutron: | |
importance: | Undecided → High |
tags: | added: qos |
To post a comment you must log in.
Assigning myself and will check if it's a bug or behavior, if bug will propose patch to get it fixed.