neutron

  1. Bug #2101150
  2. Comment #9

Comment 9 for bug 2101150

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/2023.2)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/944200
Committed: https://opendev.org/openstack/neutron/commit/be59c0c0f1aa101795dd7f06a6a8b209d46403bb
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit be59c0c0f1aa101795dd7f06a6a8b209d46403bb
Author: Slawek Kaplonski <email address hidden>
Date: Tue Mar 11 11:48:57 2025 +0100

    [S-RBAC] Fix policies for the SG rules API

    This patch fixes default policies for the Security Group Rules API so
    that user of the project who isn't owner of the SG but only sees it
    as shared one, can't now create or delete rules in such SG.

    Additionally this patch lowers numer of retries when parent object's id
    is looked up in the DB by the OwnerCheck policy rule to just one. If it
    will fail twice with NotFound exception, then there is no need to repeat
    it more times.

    Conflicts:
        neutron/tests/unit/conf/policies/test_security_group.py

    Closes-bug: #2101150
    Change-Id: I23722d0ffabce0034548a5fa919980d02bacd91a
    (cherry picked from commit dfea81a4bf6aa62f56d101f8a0cb168a02338d5c)
    (cherry picked from commit f23e6ca9f80b5bac338ec6a5d13e585251a19046)