Octavia v2 API needs to enforce RBAC (policy) rules

Bug #1690481 reported by Michael Johnson on 2017-05-13
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
octavia
Fix Released
High
Michael Johnson

Bug Description

General RBAC support via oslo.policy was added here: https://review.openstack.org/#/c/399117/
But the actual integration with the Octavia v2 API is still not complete. I don't think it is enforcing.

This likely needs to be added as an API hook.

Changed in octavia:
assignee: nobody → Michael Johnson (johnsom)

Fix proposed to branch: master
Review: https://review.openstack.org/472872

Changed in octavia:
status: New → In Progress
Changed in octavia:
assignee: Michael Johnson (johnsom) → Nir Magnezi (nmagnezi)

Fix proposed to branch: master
Review: https://review.openstack.org/475868

Changed in octavia:
assignee: Nir Magnezi (nmagnezi) → Michael Johnson (johnsom)

Fix proposed to branch: master
Review: https://review.openstack.org/475920

Fix proposed to branch: master
Review: https://review.openstack.org/475934

Fix proposed to branch: master
Review: https://review.openstack.org/475945

Fix proposed to branch: master
Review: https://review.openstack.org/475953

Fix proposed to branch: master
Review: https://review.openstack.org/475980

Reviewed: https://review.openstack.org/472872
Committed: https://git.openstack.org/cgit/openstack/octavia/commit/?id=0ce46fe8d09c35b9f6494e335193a1c02812fb0e
Submitter: Jenkins
Branch: master

commit 0ce46fe8d09c35b9f6494e335193a1c02812fb0e
Author: Michael Johnson <email address hidden>
Date: Fri Jun 9 18:53:18 2017 -0700

    Add RBAC enforcement to Octavia v2 API

    This patch adds policies and enforcement to the Octavia v2 API for
    load balancers and listeners. Child patches will add the rest of the API.

    In this patch I also correct some improper functional tests.

    Change-Id: Id8a2d15c117c54bd45fc8bb76bf71aff1b3c8fe9
    Closes-Bug: #1690481

Changed in octavia:
status: In Progress → Fix Released

Reviewed: https://review.openstack.org/475868
Committed: https://git.openstack.org/cgit/openstack/octavia/commit/?id=8987ab39ed2e36bf3a646e1965d3dd34644a9783
Submitter: Jenkins
Branch: master

commit 8987ab39ed2e36bf3a646e1965d3dd34644a9783
Author: Michael Johnson <email address hidden>
Date: Tue Jun 20 09:36:12 2017 -0700

    Add RBAC enforcement to pools v2 API

    This patch adds policies and enforcement to the Octavia v2 API for pools.

    It also fixes a minor issue with the specs tox job.

    Change-Id: Id2aa4dfad149583f9cb16205cb617f6e2a1bc92e
    Partial-Bug: #1690481

Reviewed: https://review.openstack.org/475920
Committed: https://git.openstack.org/cgit/openstack/octavia/commit/?id=7fa12cee40d75dc9f055bdd207c5fd2929e3616c
Submitter: Jenkins
Branch: master

commit 7fa12cee40d75dc9f055bdd207c5fd2929e3616c
Author: Michael Johnson <email address hidden>
Date: Tue Jun 20 13:48:01 2017 -0700

    Add RBAC enforcement to members v2 API

    This patch adds policies and enforcement to the Octavia v2 API for members.

    Change-Id: I8f369e8ad6fa1cf3ee6485f0be95b243b7ade20e
    Partial-Bug: #1690481

Reviewed: https://review.openstack.org/475934
Committed: https://git.openstack.org/cgit/openstack/octavia/commit/?id=aea4f266ee166730e65f2292c072096b738b96d6
Submitter: Jenkins
Branch: master

commit aea4f266ee166730e65f2292c072096b738b96d6
Author: Michael Johnson <email address hidden>
Date: Tue Jun 20 14:35:01 2017 -0700

    Add RBAC enforcement to health monitors v2 API

    This patch adds policies and enforcement to the Octavia v2 API for health
    monitors.

    Change-Id: I5bd48b0f451b1543fd9710c949d44d2c159ef91f
    Partial-Bug: #1690481

Reviewed: https://review.openstack.org/475945
Committed: https://git.openstack.org/cgit/openstack/octavia/commit/?id=accf9456cc9de54da0e9bf4b0ccf00b78edc5035
Submitter: Jenkins
Branch: master

commit accf9456cc9de54da0e9bf4b0ccf00b78edc5035
Author: Michael Johnson <email address hidden>
Date: Tue Jun 20 15:22:32 2017 -0700

    Add RBAC enforcement to L7 policies v2 API

    This patch adds policies and enforcement to the Octavia v2 API for L7 policies.

    Change-Id: Ie4de79df3f6f7a6c46c00d2e224979a8e25e9712
    Partial-Bug: #1690481

Reviewed: https://review.openstack.org/475953
Committed: https://git.openstack.org/cgit/openstack/octavia/commit/?id=f4a16a842b24b1e49e18a02b6e538326b7b884aa
Submitter: Jenkins
Branch: master

commit f4a16a842b24b1e49e18a02b6e538326b7b884aa
Author: Michael Johnson <email address hidden>
Date: Tue Jun 20 16:16:45 2017 -0700

    Add RBAC enforcement to l7rules v2 API

    This patch adds policies and enforcement to the Octavia v2 API for l7rules.

    Change-Id: I2050ef70c26bc59d3777842ea3de9900d4e282fe
    Partial-Bug: #1690481

Reviewed: https://review.openstack.org/475980
Committed: https://git.openstack.org/cgit/openstack/octavia/commit/?id=335c00ac1896008bb23f61756b8b42431ed5a045
Submitter: Jenkins
Branch: master

commit 335c00ac1896008bb23f61756b8b42431ed5a045
Author: Michael Johnson <email address hidden>
Date: Tue Jun 20 18:51:17 2017 -0700

    Add RBAC enforcement to quotas v2 API

    This patch adds policies and enforcement to the Octavia v2 API for quotas.

    Change-Id: I5f2fa38973fce595ea3ec03cdff924336e0e71c8
    Partial-Bug: #1690481

This issue was fixed in the openstack/octavia 1.0.0.0b3 development milestone.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers