Add support for the service role in neutron API policies
Bug #2026182 reported by
Slawek Kaplonski
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| neutron |
Fix Released
|
Medium
|
Slawek Kaplonski | ||
Bug Description
As part of the second phase of the community goal "Consistent and Secure Default RBAC" [1] we should implement in Neutron support for the "service" role which will be used for the APIs developed for the machines to communicate, like e.g. port binding APIs which are used by nova-compute service.
Second step of this phase 2 implementation should be usage of that new service role in the APIs which are designed for such service to service communication.
[1] https:/
| Changed in neutron: | |
| importance: | Undecided → Medium |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to neutron (master) | #1 |
| Changed in neutron: | |
| status: | In Progress → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/neutron 24.0.0.0b1 | #2 |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 428f7a8418447e7
Author: Slawek Kaplonski <email address hidden>
Date: Thu Jun 22 09:34:26 2023 +0200
[S-RBAC] Add service role in neutron policy
RBAC community wide goal phase-2[1] is to add service
role for the service APIs policy rule.
This patch adds new "service_api" role in policies, deprecates old rule
"context_
reasons we want now to have it named "service_api" as in other policies
for other projects.
This patch also adds unit tests to ensure what is allowed and what is
forbidden for the service role user.
[1] https:/
Closes-Bug: #2026182
Change-Id: Iaa1a3a491d310c