yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1612050] [NEW] Need more data added for RBAC policy notifications

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Rick Aulino <rick.aulino@xxxxxx>
Date: Thu, 11 Aug 2016 05:02:50 -0000
Reply-to: Bug 1612050 <1612050@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

For the Searchlight project, we are receiving notifications for the RBAC
policy commands.

    rbac-create
    rbac-delete

The payload for rbac_policy.create.end is complete and allows
Searchlight to update our state to reflect the policy changes.

The payload for rbac_policy.delete.end is not as complete. The payload
we receive is:

{
"event_type": "rbac_policy.delete.end",
"payload":
{ "rbac_policy_id": "d7491be9-ee3d-40d7-9880-0ce82c7c12f6" }

}

Since the RBAC policy is being deleted, we cannot query the details of
the policy through the Neutron API using the policy ID. Doing so results
in a race condition where the majority of the time the policy has
already been deleted.

This means we need to store the details of the policy upon
rbac_policy.create.end time, which requires extraneous state in
Searchlight.

We would like a change to the rbac_policy.delete.end payload to include
all policy's details. Mirroring the same information provided by the
rbac_policy.create.end notification:

{
"event_type": "rbac_policy.delete.end",
"payload":
{ "target_tenant": "admin", "tenant_id": "c4b424b17cc04cefa7211b40c5c893c2", "object_type": "network", "object_id": "64f00d1c-a6b6-4c00-a800-10eb9360a976", "action": "access_as_shared", "id": "d7491be9-ee3d-40d7-9880-0ce82c7c12f6" }

}

At a bare minimum, we would need "tenant_id", "object_id" and "id" to be
returned.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1612050

Title:
  Need more data added for RBAC policy notifications

Status in neutron:
  New

Bug description:
  For the Searchlight project, we are receiving notifications for the
  RBAC policy commands.

      rbac-create
      rbac-delete

  The payload for rbac_policy.create.end is complete and allows
  Searchlight to update our state to reflect the policy changes.

  The payload for rbac_policy.delete.end is not as complete. The payload
  we receive is:

  {
  "event_type": "rbac_policy.delete.end",
  "payload":
  { "rbac_policy_id": "d7491be9-ee3d-40d7-9880-0ce82c7c12f6" }

  }

  Since the RBAC policy is being deleted, we cannot query the details of
  the policy through the Neutron API using the policy ID. Doing so
  results in a race condition where the majority of the time the policy
  has already been deleted.

  This means we need to store the details of the policy upon
  rbac_policy.create.end time, which requires extraneous state in
  Searchlight.

  We would like a change to the rbac_policy.delete.end payload to
  include all policy's details. Mirroring the same information provided
  by the rbac_policy.create.end notification:

  {
  "event_type": "rbac_policy.delete.end",
  "payload":
  { "target_tenant": "admin", "tenant_id": "c4b424b17cc04cefa7211b40c5c893c2", "object_type": "network", "object_id": "64f00d1c-a6b6-4c00-a800-10eb9360a976", "action": "access_as_shared", "id": "d7491be9-ee3d-40d7-9880-0ce82c7c12f6" }

  }

  At a bare minimum, we would need "tenant_id", "object_id" and "id" to
  be returned.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1612050/+subscriptions

Follow ups

[Bug 1612050] Re: Need more data added for RBAC policy notifications
From: Lajos Katona, 2023-11-15