yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1517702] Re: create a rbac policy target_tenant_id=self, can not delete this policy

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1517702@xxxxxxxxxxxxxxxxxx>
Date: Mon, 17 Apr 2017 05:00:25 -0000
Reply-to: Bug 1517702 <1517702@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Reviewed:  https://review.openstack.org/265664
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=f96b5439de459b6d437235a0ecb259cda2e1c81d
Submitter: Jenkins
Branch:    master

commit f96b5439de459b6d437235a0ecb259cda2e1c81d
Author: Stephen Ma <stephen.ma@xxxxxxx>
Date:   Tue Apr 26 15:07:35 2016 -0700

    Allow self-sharing RBAC rules to be deleted without usage check
    
    This patch allows the update and deletion of network
    'access_as_shared' rule whose target tenant-id is the network owner
    without checking for network usage.
    
    Change-Id: I34d627da869f68c02e1abc4a19246698766d66e4
    Closes-bug: #1517702


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1517702

Title:
  create a rbac policy target_tenant_id=self, can not delete this policy

Status in neutron:
  Fix Released

Bug description:
  
  I create a network use admin with just input the network name. I want to make this network just shared with myself. So I create a policy about  it.But after a period , I want to make this network to share to other tenants or delete this policy , it cannot work.

  repo 
  ----------------
  1. neutron net-create test1    with    admin tenant A
  2. neutron rbac-create test --type network --action access_as_shared --target-tenant admin_tenant
  3.neutron rbac-delete policy_id                  ------> hit error
  4.neutron rbac-update policy_id  --target-tenant demo_tenant         ------> hit error  

  So this policy cannot delete.

  err_details
  -----------------
  2015-11-19 02:46:57.687 ERROR neutron.callbacks.manager [req-5300e9fd-518d-46d8-b168-4ff3ea8e11bc admin 5d73438ed76a4399b8d2996a699146c5] Error during notification for neutron.plugins.ml2.plugin.Ml2Plugin.validate_network_rbac_policy_change rbac-policy, before_update
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager Traceback (most recent call last):
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager   File "/opt/stack/neutron/neutron/callbacks/manager.py", line 141, in _notify_loop
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager     callback(resource, event, trigger, **kwargs)
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager   File "/opt/stack/neutron/neutron/db/db_base_plugin_v2.py", line 151, in validate_network_rbac_policy_change
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager     tenant_to_check)
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager   File "/opt/stack/neutron/neutron/db/db_base_plugin_v2.py", line 157, in ensure_no_tenant_ports_on_network
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager     ctx_admin = ctx.get_admin_context()
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager InvalidSharedSetting: Unable to reconfigure sharing settings for network d207350c-6d19-45fc-a3a4-2c70bf35a933. Multiple tenants are using it.
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager 
  2015-11-19 02:46:57.687 ERROR neutron.callbacks.manager [req-5300e9fd-518d-46d8-b168-4ff3ea8e11bc admin 5d73438ed76a4399b8d2996a699146c5] Error during notification for neutron.plugins.ml2.plugin.Ml2Plugin.validate_network_rbac_policy_change rbac-policy, before_update
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager Traceback (most recent call last):
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager   File "/opt/stack/neutron/neutron/callbacks/manager.py", line 141, in _notify_loop
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager     callback(resource, event, trigger, **kwargs)
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager   File "/opt/stack/neutron/neutron/db/db_base_plugin_v2.py", line 151, in validate_network_rbac_policy_change
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager     tenant_to_check)
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager   File "/opt/stack/neutron/neutron/db/db_base_plugin_v2.py", line 157, in ensure_no_tenant_ports_on_network
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager     ctx_admin = ctx.get_admin_context()
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager InvalidSharedSetting: Unable to reconfigure sharing settings for network d207350c-6d19-45fc-a3a4-2c70bf35a933. Multiple tenants are using it.
  2015-11-19 02:46:57.687 TRACE neutron.callbacks.manager

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1517702/+subscriptions
References

[Bug 1517702] [NEW] create a rbac policy target_tenant_id=self, can not delete this policy
From: zhaobo, 2015-11-19