yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1801779] Re: Policy rule rule:create_port:fixed_ips:subnet_id doesn't allow non-admin to create port on specific subnet

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1801779@xxxxxxxxxxxxxxxxxx>
Date: Sat, 26 Jan 2019 04:17:39 -0000
Reply-to: Bug 1801779 <1801779@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1801779

Title:
  Policy rule rule:create_port:fixed_ips:subnet_id doesn't allow non-
  admin to create port on specific subnet

Status in neutron:
  Expired

Bug description:
  Running roughly master branch. According to pip,
  neutron==13.0.0.0rc2.dev324. I know that isn't super helpful from a
  dev perspective, but this is a kolla image and I don't have a great
  way to map this back to a SHA.

  Trying to create a port on a specific subnet on a shared network. I
  have the following policy rules, which seem to imply I should be able
  to do this:

      "create_port:fixed_ips": "rule:context_is_advsvc or rule:admin_or_network_owner",
      "create_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
      "create_port:fixed_ips:subnet_id": "rule:context_is_advsvc or rule:admin_or_network_owner or rule:shared",

  Client logs here:
  https://gist.github.com/jimrollenhagen/82514bee47ad66e1e878c56d8fd66453

  Not much showing up in neutron-server.log, but can provide more info
  if needed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1801779/+subscriptions

References

[Bug 1801779] [NEW] Policy rule rule:create_port:fixed_ips:subnet_id doesn't allow non-admin to create port on specific subnet
From: Jim Rollenhagen, 2018-11-05