yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2044171] [NEW] External shared networks may not be seen by other projects

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Jakub Libosvar <2044171@xxxxxxxxxxxxxxxxxx>
Date: Tue, 21 Nov 2023 17:58:00 -0000
Reply-to: Bug 2044171 <2044171@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

External shared networks each create its own RBAC entry. If there is a
project that access the network through the shared attribute then it may
not work. It depends on how mysql returns the records, then using GROUP
BY clause it will use the first returned - meaning that if
access_as_external is the first record returned, the network will be not
treated as shared as it won't match here:
https://opendev.org/openstack/neutron/src/commit/cbca72195ae5976d6f8b10bbbd58bde3542956bf/neutron/pecan_wsgi/hooks/ownership_validation.py#L45

This is a regression caused by
https://review.opendev.org/c/openstack/neutron-
lib/+/884878/1/neutron_lib/db/model_query.py

** Affects: neutron
     Importance: Undecided
         Status: In Progress

** Description changed:

  External shared networks each create its own RBAC entry. If there is a
  project that access the network through the shared attribute then it may
  not work. It depends on how mysql returns the records, then using GROUP
  BY clause it will use the first returned - meaning that if
  access_as_external is the first record returned, the network will be not
  treated as shared as it won't match here:
  https://opendev.org/openstack/neutron/src/commit/cbca72195ae5976d6f8b10bbbd58bde3542956bf/neutron/pecan_wsgi/hooks/ownership_validation.py#L45
  
  This is a regression caused by
- https://code.engineering.redhat.com/gerrit/c/neutron/+/443833
+ https://review.opendev.org/c/openstack/neutron-
+ lib/+/884878/1/neutron_lib/db/model_query.py

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2044171

Title:
  External shared networks may not be seen by other projects

Status in neutron:
  In Progress

Bug description:
  External shared networks each create its own RBAC entry. If there is a
  project that access the network through the shared attribute then it
  may not work. It depends on how mysql returns the records, then using
  GROUP BY clause it will use the first returned - meaning that if
  access_as_external is the first record returned, the network will be
  not treated as shared as it won't match here:
  https://opendev.org/openstack/neutron/src/commit/cbca72195ae5976d6f8b10bbbd58bde3542956bf/neutron/pecan_wsgi/hooks/ownership_validation.py#L45

  This is a regression caused by
  https://review.opendev.org/c/openstack/neutron-
  lib/+/884878/1/neutron_lib/db/model_query.py

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2044171/+subscriptions

Follow ups

[Bug 2044171] Re: External shared networks may not be seen by other projects
From: Jakub Libosvar, 2023-11-22