yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1996606] Re: QoS rules policies do not work for "owners"

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1996606@xxxxxxxxxxxxxxxxxx>
Date: Wed, 16 Nov 2022 15:05:43 -0000
Reply-to: Bug 1996606 <1996606@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/c/openstack/neutron-lib/+/864568
Committed: https://opendev.org/openstack/neutron-lib/commit/7e4a6beed43d28f7ab0c6c47ea056c70ea7b1fea
Submitter: "Zuul (22348)"
Branch:    master

commit 7e4a6beed43d28f7ab0c6c47ea056c70ea7b1fea
Author: Rodolfo Alonso Hernandez <ralonsoh@xxxxxxxxxx>
Date:   Sat Nov 12 11:14:02 2022 +0100

    Added "qos" plugin to "EXT_PARENT_RESOURCE_MAPPING"
    
    The plugin "qos" is added to the "EXT_PARENT_RESOURCE_MAPPING" constant.
    The policy engine can now check the QoS rule ownership using the QoS
    policy project ID. The QoS rules are resources that do not have an
    assigned project ID, it is inherited from the QoS policy. This patch
    allows to check a QoS rule ownership using the "ext_parent_policy_id"
    field, that stores the QoS policy project ID.
    
    NOTE: once released, this bug fix must include Neutron unit tests
    checking, using the rules:
      "update_policy_bandwidth_limit_rule": "rule:admin_or_owner"
      "update_policy_packet_rate_limit_rule": "rule:admin_or_owner"
      "update_policy_dscp_marking_rule": "rule:admin_or_owner"
      "update_policy_minimum_bandwidth_rule": "rule:admin_or_owner"
      "update_policy_minimum_packet_rate_rule": "rule:admin_or_owner"
    
    Closes-Bug: #1996606
    Change-Id: I0531ea2c1bf29aecfab9b491eefef044a4ee49ad


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1996606

Title:
  QoS rules policies do not work for "owners"

Status in neutron:
  Fix Released

Bug description:
  Related bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2141470

  Policies for QoS rules do not work for "owner" since QoS rules do not
  have a project ID. When the default policy is overridden, the policy
  enforcement raise an exception. For example:

    update_policy_bandwidth_limit_rule":"rule:admin_or_owner"

  When the policy engine tries to check the owner, it first check the
  project_id of the object. In this case, the QoS rule does NOT have a
  project ID (e.g.: max-bw rule definition [1]).

  This is the exception the engine returns: [2].

  [1]https://github.com/openstack/neutron/blob/320f54eba1a82917e4f02244ea8ddf9757d8f39f/neutron/db/qos/models.py#L145-L166
  [2]https://paste.opendev.org/show/bEPQCngI8QpmWIVGoiAi/

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1996606/+subscriptions

References

[Bug 1996606] [NEW] QoS rules policies do not work for "owners"
From: Rodolfo Alonso, 2022-11-15