
yahoo-eng-team team mailing list archive

[Bug 1407886] Re: FWaaS, VPNaaS - can not control policy using policy.json

 

** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1407886

Title:
  FWaaS, VPNaaS - can not control policy using policy.json

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  Some neutron resources cannot apply policy control using policy.json when
  creating/updating/deleting the resource.

  The following resources cannot apply the policy control:

  * firewall_policy
  * ipsec_policy
  * ikepolicy

  This bug occurs in the following case (example):

  The administrator tries to prohibit the general user from specifying the
  "shared" attribute when creating the resource, but cannot.

  How to reproduce:

  # grep create_firewall_policy /etc/neutron/policy.json
      "create_firewall_policy:shared": "rule:context_is_admin",

  # source keystonerc_demo #change to general user
  # neutron firewall-policy-create --shared foo
  Created a new firewall_policy:
  +----------------+--------------------------------------+
  | Field          | Value                                |
  +----------------+--------------------------------------+
  | audited        | False                                |
  | description    |                                      |
  | firewall_rules |                                      |
  | id             | ab688173-72dc-4032-aa90-5d75e2529830 |
  | name           | foo                                  |
  | shared         | True                                 |
  | tenant_id      | 0cf9279d4de346fc83ac297a289a79c6     |
  +----------------+--------------------------------------+

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1407886/+subscriptions
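
A simplified model of the attribute-level check that the `create_firewall_policy:shared` entry in the report is meant to express, added here as an example; it is not Neutron's code and not part of the bug report. The `context_is_admin` and `create_firewall_policy` entries, the role name `Member`, and the functions `check` and `authorize` are assumptions made for this example.

```python
import json

# Constructed policy file: the attribute rule is the one quoted in the bug
# report; the other two entries are assumptions made for this example.
POLICY_JSON = """
{
    "context_is_admin": "role:admin",
    "create_firewall_policy": "",
    "create_firewall_policy:shared": "rule:context_is_admin"
}
"""


def check(rules, rule, roles, _depth=0):
    """Evaluate the small subset of rule syntax used above (hypothetical helper)."""
    if _depth > 10:
        raise ValueError("rule reference loop")
    if rule == "":
        return True  # empty rule: always allowed
    kind, _, value = rule.partition(":")
    if kind == "role":
        return value in roles
    if kind == "rule":
        if value not in rules:
            return False  # unknown rule reference: fail closed
        return check(rules, rules[value], roles, _depth + 1)
    return False  # unsupported syntax: fail closed


def authorize(rules, action, body, roles):
    """Return the rule names that deny this request (empty list = allowed)."""
    denied = []
    # Action-level rule; an action with no rule at all is denied here.
    if action not in rules or not check(rules, rules[action], roles):
        denied.append(action)
    # Attribute-level rules: one per attribute the caller explicitly set.
    for attr in sorted(body):
        name = "%s:%s" % (action, attr)
        if name in rules and not check(rules, rules[name], roles):
            denied.append(name)
    return denied


RULES = json.loads(POLICY_JSON)
if __name__ == "__main__":
    request = {"name": "foo", "shared": True}  # body of the reproduction call
    print(authorize(RULES, "create_firewall_policy", request, {"Member"}))
```

With the rule enforced, the reproduction request from a non-admin caller is denied on `create_firewall_policy:shared`, while the same request without `shared`, or from an admin, passes.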

