[Stable Only] Enforce policy for qos_policy_id attribute
Currently while updating 'qos_policy_id', authorization policies
are not enforced and as a result it can be set or unset over
port/network/fip by an unauthorized user.
This patch fixes it by setting 'enforce_policy' to True
for this attribute for Floating IP, for port and network
it's fixed in neutron-lib[1].
This patch is only for stable releases as for releases since
Yoga this is fixed in neutron-lib[2] itself.
Reviewed: https:/ /review. opendev. org/c/openstack /neutron/ +/827017 /opendev. org/openstack/ neutron/ commit/ b738de94182b90a 72b28e92f5b2218 b5198e01f6
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/ussuri
commit b738de94182b90a 72b28e92f5b2218 b5198e01f6
Author: yatinkarel <email address hidden>
Date: Thu Jan 27 13:20:07 2022 +0530
[Stable Only] Enforce policy for qos_policy_id attribute
Currently while updating 'qos_policy_id', authorization policies network/ fip by an unauthorized user.
are not enforced and as a result it can be set or unset over
port/
This patch fixes it by setting 'enforce_policy' to True
for this attribute for Floating IP, for port and network
it's fixed in neutron-lib[1].
This patch is only for stable releases as for releases since
Yoga this is fixed in neutron-lib[2] itself.
[1] https:/ /review. opendev. org/q/Ieee1ca09 2e572ad46961059 62fbc6de6754546 57 /review. opendev. org/c/openstack /neutron- lib/+/825088
[2] https:/
Depends-On: https:/ /review. opendev. org/c/openstack /tempest/ +/828245 00b79464368ba33 7d27a824714 0aed20e731d5b17 8f1e152678)
Closes-Bug: #1957175
Change-Id: Ie0660e5e89e45c
(cherry picked from commit 0c2af0f6e7d99d6