yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1534954] Re: policy rule for update_port is inconsistent

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Kevin Benton <1534954@xxxxxxxxxxxxxxxxxx>
Date: Mon, 18 Jan 2016 07:44:18 -0000
Reply-to: Bug 1534954 <1534954@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

why do you feel this should be changed? The port is a child of the
network, it makes sense that the owner of the network should be able to
control the ports on it.

** Changed in: neutron
       Status: In Progress => Opinion

** Changed in: neutron
       Status: Opinion => New

** Changed in: neutron
       Status: New => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1534954

Title:
  policy rule for update_port is inconsistent

Status in neutron:
  Opinion

Bug description:
  For user from a common tenant, per [1]
  https://github.com/openstack/neutron/blob/master/etc/policy.json#L77 ,
  seems network owner shouldn't have privilege to update port on her/his
  network if she/he is not port owner.

  But per [2]
  https://github.com/openstack/neutron/blob/master/etc/policy.json#L78-L85
  , seems network owner still have chance to update port attributes such
  as device_owner, fixed_ips, port_security_enabled,
  mac_learning_enabled, allowed_address_pairs.

  This is inconsistent, per [1], policy rule
  "rule:admin_or_network_owner" in [2] should be updated to
  "admin_or_owner".

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1534954/+subscriptions

References

[Bug 1534954] [NEW] policy rule for update_port is inconsistent
From: ZongKai LI, 2016-01-16