yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2073782] [NEW] "Tagging" extension does not initialize the policy enforcer

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Rodolfo Alonso <2073782@xxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Jul 2024 15:33:00 -0000
Reply-to: Bug 2073782 <2073782@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

The "tagging" service plugin extension uses its own controller. This
controller doesn't call the WSGI hooks like the policy hook. Instead of
this, the controller implements the policy enforcer directly on the WSGI
methods (create, update, delete, etc.).

It is needed to initialize the policy enforcer before any enforcement is
done. If a tag API call is done just after the Neutron server has been
restarted, the server will fail with the following error: [1].

The policy enforcement was implemented in [2]. The fix for this bug
should be backported up to 2023.2.

[1]https://paste.opendev.org/show/bIeSoD2Y0vrTpJb4uYQ5/
[2]https://review.opendev.org/q/I9f3e032739824f268db74c5a1b4f04d353742dbd

** Affects: neutron
     Importance: Medium
     Assignee: Rodolfo Alonso (rodolfo-alonso-hernandez)
         Status: New

** Description changed:

  The "tagging" service plugin extension uses its own controller. This
  controller doesn't call the WSGI hooks like the policy hook. Instead of
  this, the controller implements the policy enforcer directly on the WSGI
  methods (create, update, delete, etc.).
  
  It is needed to initialize the policy enforcer before any enforcement is
  done. If a tag API call is done just after the Neutron server has been
  restarted, the server will fail with the following error: [1].
  
+ The policy enforcement was implemented in [2]. The fix for this bug
+ should be backported up to 2023.2.
+ 
  [1]https://paste.opendev.org/show/bIeSoD2Y0vrTpJb4uYQ5/
+ [2]https://review.opendev.org/q/I9f3e032739824f268db74c5a1b4f04d353742dbd

** Changed in: neutron
   Importance: Undecided => Medium

** Changed in: neutron
     Assignee: (unassigned) => Rodolfo Alonso (rodolfo-alonso-hernandez)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2073782

Title:
  "Tagging" extension does not initialize the policy enforcer

Status in neutron:
  New

Bug description:
  The "tagging" service plugin extension uses its own controller. This
  controller doesn't call the WSGI hooks like the policy hook. Instead
  of this, the controller implements the policy enforcer directly on the
  WSGI methods (create, update, delete, etc.).

  It is needed to initialize the policy enforcer before any enforcement
  is done. If a tag API call is done just after the Neutron server has
  been restarted, the server will fail with the following error: [1].

  The policy enforcement was implemented in [2]. The fix for this bug
  should be backported up to 2023.2.

  [1]https://paste.opendev.org/show/bIeSoD2Y0vrTpJb4uYQ5/
  [2]https://review.opendev.org/q/I9f3e032739824f268db74c5a1b4f04d353742dbd

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2073782/+subscriptions

Follow ups

[Bug 2073782] Re: "Tagging" extension does not initialize the policy enforcer
From: OpenStack Infra, 2024-08-05