Comment 21 for bug 2023679

OpenStack Infra (hudson-openstack) wrote : Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/889153
Committed: https://opendev.org/openstack/neutron/commit/0741a0d5a55024787c7324d060bd3f5a79ffcb0e
Submitter: "Zuul (22348)"
Branch: master

commit 0741a0d5a55024787c7324d060bd3f5a79ffcb0e
Author: Slawek Kaplonski <email address hidden>
Date: Fri Jul 21 10:11:47 2023 +0200

    Add NET_OWNER_MEMBER and NET_OWNER_READER policy rules

    Initially when [1] was proposed the idea was to use PARENT_OWNER_* rules
    for the subnet APIs, in the same way as it is done currently for e.g.
    FIP PF, QoS rules and some other resources.
    But after some more thinking about it, it's better to keep
    NET_OWNER rules for MEMBER and READER. Those rules are basically very
    similar to the PARENT_OWNER_*, the only difference is that it relies on
    the "network_id" attribute always.
    The reason why it's better to have NET_OWNER_* rules and use them for
    subnets and ports is that subnets and ports are actually top level API
    resources in neutron. They aren't actually children of the network so
    using PARENT_OWNER for them could be misleading and confusing for
    users.

    Related-Bug: #2023679

    [1] https://review.opendev.org/c/openstack/neutron/+/886231

    Change-Id: I52fc92f76842f9f075e9e4c49262785ca099bdf8