yahoo-eng-team team mailing list archive
Message #91875
[Bug 2018989] [NEW] [SRBAC] FIP Port Forwarding policies should be available for PARENT_OWNER with proper role
Public bug reported:
Currently the new S-RBAC policies for FIP port forwardings are defined as
policy_or(ADMIN_OR_PROJECT_MEMBER, RULE_PARENT_OWNER)
This isn't correct, as the FIP PF resource doesn't have a project_id
attribute and always belongs to the owner of the FIP. It's a very similar
issue to what we have with QoS rules and what was reported in
https://bugs.launchpad.net/neutron/+bug/2018727
To fix that we need to use policies like ADMIN_OR_PARENT_OWNER_MEMBER to
allow e.g. creation of a FIP PF by the owner of the FIP with the correct
role assigned.
** Affects: neutron
Importance: Medium
Assignee: Slawek Kaplonski (slaweq)
Status: Confirmed
** Tags: api
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2018989
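
The two policy expressions named in the report, evaluated side by side against a port forwarding target that has no project_id. This is an added example, not code from the bug report or from Neutron: the rule bodies are a simplified model, and the parent_project_id key, the project names and the callers are hypothetical, constructed for illustration.

```python
# Simplified model of the checks named in the bug. The rule bodies are
# assumptions made for illustration, not Neutron's own policy definitions.

def admin(creds, target):
    return "admin" in creds["roles"]

def project_member(creds, target):
    # Compares against target["project_id"]. A FIP PF target has no such
    # attribute, so this branch can never match for port forwardings.
    return ("member" in creds["roles"]
            and target.get("project_id") == creds["project_id"])

def parent_owner(creds, target):
    # Ownership comes from the parent floating IP; no role is checked here.
    # "parent_project_id" is a hypothetical key standing in for that owner.
    return target.get("parent_project_id") == creds["project_id"]

def current_policy(creds, target):
    # policy_or(ADMIN_OR_PROJECT_MEMBER, RULE_PARENT_OWNER)
    return (admin(creds, target)
            or project_member(creds, target)
            or parent_owner(creds, target))

def proposed_policy(creds, target):
    # ADMIN_OR_PARENT_OWNER_MEMBER
    return admin(creds, target) or (
        "member" in creds["roles"] and parent_owner(creds, target))

# Constructed sample data: a port forwarding whose parent FIP is owned by proj-a.
FIP_PF_TARGET = {"parent_project_id": "proj-a", "external_port": 2222}
CALLERS = {
    "owner_member": {"project_id": "proj-a", "roles": {"member", "reader"}},
    "owner_reader": {"project_id": "proj-a", "roles": {"reader"}},
    "other_member": {"project_id": "proj-b", "roles": {"member", "reader"}},
    "admin": {"project_id": "proj-c", "roles": {"admin", "member", "reader"}},
}

def evaluate(policy):
    """Return {caller name: allowed?} for the sample FIP PF target."""
    return {name: policy(creds, FIP_PF_TARGET)
            for name, creds in CALLERS.items()}

if __name__ == "__main__":
    for label, policy in (("current", current_policy),
                          ("proposed", proposed_policy)):
        print(label, evaluate(policy))
```

In this model the only caller whose result changes is owner_reader: the bare parent-owner branch of the current expression carries no role requirement, while the proposed rule ties ownership of the parent FIP to the member role.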