neutron

QoS rules policies do not work for "owners"

Bug #1996606 reported by Rodolfo Alonso
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Rodolfo Alonso

Bug Description

Related bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2141470

Policies for QoS rules do not work for "owner" since QoS rules do not have a project ID. When the default policy is overridden, the policy enforcement raise an exception. For example:

  update_policy_bandwidth_limit_rule":"rule:admin_or_owner"

When the policy engine tries to check the owner, it first check the project_id of the object. In this case, the QoS rule does NOT have a project ID (e.g.: max-bw rule definition [1]).

This is the exception the engine returns: [2].

[1]https://github.com/openstack/neutron/blob/320f54eba1a82917e4f02244ea8ddf9757d8f39f/neutron/db/qos/models.py#L145-L166
[2]https://paste.opendev.org/show/bEPQCngI8QpmWIVGoiAi/

Rodolfo Alonso (rodolfo-alonso-hernandez)
Changed in neutron:
importance: Undecided → Medium
assignee: nobody → Rodolfo Alonso (rodolfo-alonso-hernandez)
Bernard Cafarelli (bcafarel)
tags: added: qos
Changed in neutron:
status: New → Confirmed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-lib (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron-lib/+/864568

Changed in neutron:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-lib (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/neutron-lib/+/864735

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-lib (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/neutron-lib/+/864736

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-lib (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/neutron-lib/+/864738

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-lib (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/neutron-lib/+/864739

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-lib (master)

Reviewed: https://review.opendev.org/c/openstack/neutron-lib/+/864568
Committed: https://opendev.org/openstack/neutron-lib/commit/7e4a6beed43d28f7ab0c6c47ea056c70ea7b1fea
Submitter: "Zuul (22348)"
Branch: master

commit 7e4a6beed43d28f7ab0c6c47ea056c70ea7b1fea
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Sat Nov 12 11:14:02 2022 +0100

    Added "qos" plugin to "EXT_PARENT_RESOURCE_MAPPING"

    The plugin "qos" is added to the "EXT_PARENT_RESOURCE_MAPPING" constant.
    The policy engine can now check the QoS rule ownership using the QoS
    policy project ID. The QoS rules are resources that do not have an
    assigned project ID, it is inherited from the QoS policy. This patch
    allows to check a QoS rule ownership using the "ext_parent_policy_id"
    field, that stores the QoS policy project ID.

    NOTE: once released, this bug fix must include Neutron unit tests
    checking, using the rules:
      "update_policy_bandwidth_limit_rule": "rule:admin_or_owner"
      "update_policy_packet_rate_limit_rule": "rule:admin_or_owner"
      "update_policy_dscp_marking_rule": "rule:admin_or_owner"
      "update_policy_minimum_bandwidth_rule": "rule:admin_or_owner"
      "update_policy_minimum_packet_rate_rule": "rule:admin_or_owner"

    Closes-Bug: #1996606
    Change-Id: I0531ea2c1bf29aecfab9b491eefef044a4ee49ad

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron-lib 3.2.0

This issue was fixed in the openstack/neutron-lib 3.2.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-lib (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/neutron-lib/+/864735
Committed: https://opendev.org/openstack/neutron-lib/commit/64b45c627ac164ca075542b095d34d80b12c9b95
Submitter: "Zuul (22348)"
Branch: stable/zed

commit 64b45c627ac164ca075542b095d34d80b12c9b95
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Sat Nov 12 11:14:02 2022 +0100

    Added "qos" plugin to "EXT_PARENT_RESOURCE_MAPPING"

    The plugin "qos" is added to the "EXT_PARENT_RESOURCE_MAPPING" constant.
    The policy engine can now check the QoS rule ownership using the QoS
    policy project ID. The QoS rules are resources that do not have an
    assigned project ID, it is inherited from the QoS policy. This patch
    allows to check a QoS rule ownership using the "ext_parent_policy_id"
    field, that stores the QoS policy project ID.

    NOTE: once released, this bug fix must include Neutron unit tests
    checking, using the rules:
      "update_policy_bandwidth_limit_rule": "rule:admin_or_owner"
      "update_policy_packet_rate_limit_rule": "rule:admin_or_owner"
      "update_policy_dscp_marking_rule": "rule:admin_or_owner"
      "update_policy_minimum_bandwidth_rule": "rule:admin_or_owner"
      "update_policy_minimum_packet_rate_rule": "rule:admin_or_owner"

    Closes-Bug: #1996606
    Change-Id: I0531ea2c1bf29aecfab9b491eefef044a4ee49ad
    (cherry picked from commit 7e4a6beed43d28f7ab0c6c47ea056c70ea7b1fea)

tags: added: in-stable-zed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-lib (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/neutron-lib/+/864736
Committed: https://opendev.org/openstack/neutron-lib/commit/a09e58a1a23b58bca1df5ea9203cccd7cf611a86
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit a09e58a1a23b58bca1df5ea9203cccd7cf611a86
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Sat Nov 12 11:14:02 2022 +0100

    Added "qos" plugin to "EXT_PARENT_RESOURCE_MAPPING"

    The plugin "qos" is added to the "EXT_PARENT_RESOURCE_MAPPING" constant.
    The policy engine can now check the QoS rule ownership using the QoS
    policy project ID. The QoS rules are resources that do not have an
    assigned project ID, it is inherited from the QoS policy. This patch
    allows to check a QoS rule ownership using the "ext_parent_policy_id"
    field, that stores the QoS policy project ID.

    NOTE: once released, this bug fix must include Neutron unit tests
    checking, using the rules:
      "update_policy_bandwidth_limit_rule": "rule:admin_or_owner"
      "update_policy_packet_rate_limit_rule": "rule:admin_or_owner"
      "update_policy_dscp_marking_rule": "rule:admin_or_owner"
      "update_policy_minimum_bandwidth_rule": "rule:admin_or_owner"
      "update_policy_minimum_packet_rate_rule": "rule:admin_or_owner"

    Closes-Bug: #1996606
    Change-Id: I0531ea2c1bf29aecfab9b491eefef044a4ee49ad
    (cherry picked from commit 7e4a6beed43d28f7ab0c6c47ea056c70ea7b1fea)

tags: added: in-stable-yoga
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-lib (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/neutron-lib/+/864739
Committed: https://opendev.org/openstack/neutron-lib/commit/acfb2fdc29ab6b22003903b16688cde373f5082a
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit acfb2fdc29ab6b22003903b16688cde373f5082a
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Sat Nov 12 11:14:02 2022 +0100

    Added "qos" plugin to "EXT_PARENT_RESOURCE_MAPPING"

    The plugin "qos" is added to the "EXT_PARENT_RESOURCE_MAPPING" constant.
    The policy engine can now check the QoS rule ownership using the QoS
    policy project ID. The QoS rules are resources that do not have an
    assigned project ID, it is inherited from the QoS policy. This patch
    allows to check a QoS rule ownership using the "ext_parent_policy_id"
    field, that stores the QoS policy project ID.

    NOTE: once released, this bug fix must include Neutron unit tests
    checking, using the rules:
      "update_policy_bandwidth_limit_rule": "rule:admin_or_owner"
      "update_policy_packet_rate_limit_rule": "rule:admin_or_owner"
      "update_policy_dscp_marking_rule": "rule:admin_or_owner"
      "update_policy_minimum_bandwidth_rule": "rule:admin_or_owner"
      "update_policy_minimum_packet_rate_rule": "rule:admin_or_owner"

    Conflicts:
           neutron_lib/services/constants.py

    Closes-Bug: #1996606
    Change-Id: I0531ea2c1bf29aecfab9b491eefef044a4ee49ad
    (cherry picked from commit 7e4a6beed43d28f7ab0c6c47ea056c70ea7b1fea)
    (cherry picked from commit 3f9cbe45252d93dac4c8dbd11c1629aec43137b0)

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-lib (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/neutron-lib/+/864738
Committed: https://opendev.org/openstack/neutron-lib/commit/057da4b7656110bfb125346fcbe2394312a025f9
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 057da4b7656110bfb125346fcbe2394312a025f9
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Sat Nov 12 11:14:02 2022 +0100

    Added "qos" plugin to "EXT_PARENT_RESOURCE_MAPPING"

    The plugin "qos" is added to the "EXT_PARENT_RESOURCE_MAPPING" constant.
    The policy engine can now check the QoS rule ownership using the QoS
    policy project ID. The QoS rules are resources that do not have an
    assigned project ID, it is inherited from the QoS policy. This patch
    allows to check a QoS rule ownership using the "ext_parent_policy_id"
    field, that stores the QoS policy project ID.

    NOTE: once released, this bug fix must include Neutron unit tests
    checking, using the rules:
      "update_policy_bandwidth_limit_rule": "rule:admin_or_owner"
      "update_policy_packet_rate_limit_rule": "rule:admin_or_owner"
      "update_policy_dscp_marking_rule": "rule:admin_or_owner"
      "update_policy_minimum_bandwidth_rule": "rule:admin_or_owner"
      "update_policy_minimum_packet_rate_rule": "rule:admin_or_owner"

    Conflicts:
           neutron_lib/services/constants.py

    Closes-Bug: #1996606
    Change-Id: I0531ea2c1bf29aecfab9b491eefef044a4ee49ad
    (cherry picked from commit 7e4a6beed43d28f7ab0c6c47ea056c70ea7b1fea)

tags: added: in-stable-xena
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron-lib 2.15.3

This issue was fixed in the openstack/neutron-lib 2.15.3 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron-lib 2.20.1

This issue was fixed in the openstack/neutron-lib 2.20.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron-lib 3.1.1

This issue was fixed in the openstack/neutron-lib 3.1.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron-lib wallaby-eom

This issue was fixed in the openstack/neutron-lib wallaby-eom release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.