yahoo-eng-team team mailing list archive

[Bug 1407886] [NEW] can not control policy using policy.json

 

Public bug reported:

Some neutron resources cannot apply the policy control using policy.json when
creating/updating/deleting the resource.

The following resources cannot apply the policy control:

* firewall_policy
* ipsec_policy
* ikepolicy

This bug occurs in the following case (example):

The administrator tries to prohibit the general user from specifying the
"shared" attribute when creating the resource, but he can't.

How to reproduce:

# grep create_firewall_policy /etc/neutron/policy.json
    "create_firewall_policy:shared": "rule:context_is_admin",

# source keystonerc_demo #change to general user
# neutron firewall-policy-create --shared foo
Created a new firewall_policy:
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| audited        | False                                |
| description    |                                      |
| firewall_rules |                                      |
| id             | ab688173-72dc-4032-aa90-5d75e2529830 |
| name           | foo                                  |
| shared         | True                                 |
| tenant_id      | 0cf9279d4de346fc83ac297a289a79c6     |
+----------------+--------------------------------------+

** Affects: neutron
     Importance: Undecided
     Assignee: Yushiro FURUKAWA (y-furukawa-2)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => Yushiro FURUKAWA (y-furukawa-2)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1407886

Title:
  can not control policy using policy.json

Status in OpenStack Neutron (virtual network service):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1407886/+subscriptions
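
Added example (not part of the original report and not neutron's own code): a regression check for the reproduction above. It parses the CLI table and the policy.json entry quoted in the report and flags attributes that an admin-only rule covers but a non-admin caller managed to set. The function names, and treating only the literal rule "rule:context_is_admin" as admin-only, are assumptions.

```python
import json

# Inputs copied from the reproduction in the report.
POLICY_JSON = '{"create_firewall_policy:shared": "rule:context_is_admin"}'
CLI_OUTPUT = """\
Created a new firewall_policy:
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| audited        | False                                |
| description    |                                      |
| firewall_rules |                                      |
| id             | ab688173-72dc-4032-aa90-5d75e2529830 |
| name           | foo                                  |
| shared         | True                                 |
| tenant_id      | 0cf9279d4de346fc83ac297a289a79c6     |
+----------------+--------------------------------------+
"""

def parse_cli_table(text):
    """Turn the client's ASCII table into a {field: value} dict."""
    fields = {}
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # skip banner text and +---+ border rows
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 2 and cells[0] != "Field":
            fields[cells[0]] = cells[1]
    return fields

def unenforced_attributes(policy, action, resource, caller_is_admin):
    """Return attributes reserved for admins that a non-admin still set."""
    if caller_is_admin:
        return []
    prefix = action + ":"
    findings = []
    for key, rule in policy.items():
        if not key.startswith(prefix):
            continue
        attr = key[len(prefix):]
        # Assumption: only this literal rule is treated as admin-only,
        # and an empty or "False" value counts as "attribute not set".
        if rule == "rule:context_is_admin" and resource.get(attr) not in (None, "", "False"):
            findings.append(attr)
    return sorted(findings)

if __name__ == "__main__":
    created = parse_cli_table(CLI_OUTPUT)
    policy = json.loads(POLICY_JSON)
    print(unenforced_attributes(policy, "create_firewall_policy", created, False))
```

A non-empty result for a non-admin caller means the attribute-level rule was not enforced, which is the behaviour this bug describes.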

