neutron

  1. Bug #2018727
  2. Comment #8

Comment 8 for bug 2018727

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/882958
Committed: https://opendev.org/openstack/neutron/commit/572cc2d43e669797a9d03d2e9daf174dfe8566ff
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 572cc2d43e669797a9d03d2e9daf174dfe8566ff
Author: Slawek Kaplonski <email address hidden>
Date: Tue May 9 12:28:03 2023 +0200

    [S-RBAC] Fix new policies for get QoS rules APIs

    During transition to the new secure RBAC API policies, we made mistake
    with policies for QoS rules by defining them to be available for
    ADMIN_OR_PROJECT_READER. This can't be like that as QoS rules don't have
    tenant_id attribute and belongs always to the owner of the QoS policy.

    To fix that, this patch introduces new rules:
    ADMIN_OR_PARENT_OWNER_READER
    ADMIN_OR_PARENT_OWNER_MEMBER

    and uses those in the QoS rules APIs.

    Closes-Bug: #2018727
    Change-Id: I522aeab5094b3f4854303d5e18f3abf6130fb33c
    (cherry picked from commit be0dc09d52efd5e7236a33be552edb6644371cd0)