Add NET_OWNER_MEMBER and NET_OWNER_READER policy rules
Initially when [1] was proposed the idea was to use PARENT_OWNER_* rules
for the subnet APIs, in the same way as it is done currently for e.g.
FIP PF, QoS rules and some other resources.
But after some more thinking about it, it's better to keep
NET_OWNER rules for MEMBER and READER. Those rules are basically very
similar to the PARENT_OWNER_*, the only difference is that they rely on
the "network_id" attribute always.
The reason why it's better to have NET_OWNER_* rules and use them for
subnets and ports is that subnets and ports are actually top level API
resources in neutron. They aren't actually children of the network so
using PARENT_OWNER for them could be misleading and confusing for
users.
Reviewed: https://review.opendev.org/c/openstack/neutron/+/889153
Committed: https://opendev.org/openstack/neutron/commit/0741a0d5a55024787c7324d060bd3f5a79ffcb0e
Submitter: "Zuul (22348)"
Branch: master
commit 0741a0d5a55024787c7324d060bd3f5a79ffcb0e
Author: Slawek Kaplonski <email address hidden>
Date: Fri Jul 21 10:11:47 2023 +0200
Related-Bug: #2023679
[1] https://review.opendev.org/c/openstack/neutron/+/886231
Change-Id: I52fc92f76842f9f075e9e4c49262785ca099bdf8