yahoo-eng-team team mailing list archive

[Felipe Monteiro <1712929@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

This is related to (resolved) bug: 1676674

Using a Tempest example, running the following test (after creating it)
with insufficient permissions (i.e. setting tempest_roles=Member or by
changing the defaults):

    def test_add_router_interface_enable_snat(self): 
        name = data_utils.rand_name(self.__class__.__name__ + '-snat-router') 
        external_gateway_info = {'network_id': self.network['id'], 
                                 'enable_snat': True} 
 
        network = self.create_network() 
        subnet = self.create_subnet(network) 
 
        router = self.routers_client.create_router( 
            name=name, external_gateway_info=external_gateway_info)['router'] 
        self.addCleanup(self.routers_client.delete_router, router['id']) 

        self.routers_client.add_router_interface( 
            router['id'], subnet_id=subnet['id']) 
        self.addCleanup( 
            test_utils.call_and_ignore_notfound_exc, 
            self.routers_client.remove_router_interface, 
            router['id'], 
            subnet_id=subnet['id'])

Results in the following appearing in the logs:

Enforcing rules: ['add_router_interface',
'add_router_interface:external_gateway_info',
'add_router_interface:external_gateway_info:network_id',
'add_router_interface:external_gateway_info:enable_snat',
'add_router_interface:external_gateway_info:external_fixed_ips',
'add_router_interface:distributed', 'add_router_interface:flavor_id',
'add_router_interface:ha']

The problem is that these policies aren't discoverable by the average
user because they're not in neutron's default policy.json.

** Affects: neutron
     Importance: Undecided
     Assignee: Felipe Monteiro (fm577c)
         Status: Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1712929

Title:
  Policy.json missing many policies related to add_router_interface

Status in neutron:
  Invalid

Bug description:
  This is related to (resolved) bug: 1676674

  Using a Tempest example, running the following test (after creating
  it) with insufficient permissions (i.e. setting tempest_roles=Member
  or by changing the defaults):

      def test_add_router_interface_enable_snat(self): 
          name = data_utils.rand_name(self.__class__.__name__ + '-snat-router') 
          external_gateway_info = {'network_id': self.network['id'], 
                                   'enable_snat': True} 
   
          network = self.create_network() 
          subnet = self.create_subnet(network) 
   
          router = self.routers_client.create_router( 
              name=name, external_gateway_info=external_gateway_info)['router'] 
          self.addCleanup(self.routers_client.delete_router, router['id']) 

          self.routers_client.add_router_interface( 
              router['id'], subnet_id=subnet['id']) 
          self.addCleanup( 
              test_utils.call_and_ignore_notfound_exc, 
              self.routers_client.remove_router_interface, 
              router['id'], 
              subnet_id=subnet['id'])

  Results in the following appearing in the logs:

  Enforcing rules: ['add_router_interface',
  'add_router_interface:external_gateway_info',
  'add_router_interface:external_gateway_info:network_id',
  'add_router_interface:external_gateway_info:enable_snat',
  'add_router_interface:external_gateway_info:external_fixed_ips',
  'add_router_interface:distributed', 'add_router_interface:flavor_id',
  'add_router_interface:ha']

  The problem is that these policies aren't discoverable by the average
  user because they're not in neutron's default policy.json.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1712929/+subscriptions