yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2073782] Re: "Tagging" extension does not initialize the policy enforcer

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <2073782@xxxxxxxxxxxxxxxxxx>
Date: Wed, 31 Jul 2024 16:49:06 -0000
Reply-to: Bug 2073782 <2073782@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/c/openstack/neutron/+/924656
Committed: https://opendev.org/openstack/neutron/commit/776178e90763d004ccb595b131cdd4dd617cd34f
Submitter: "Zuul (22348)"
Branch:    master

commit 776178e90763d004ccb595b131cdd4dd617cd34f
Author: Rodolfo Alonso Hernandez <ralonsoh@xxxxxxxxxx>
Date:   Sat Jul 20 00:46:04 2024 +0000

    Initialize the policy enforcer for the "tagging" service plugin
    
    The "tagging" service plugin API extension does use the policy enforcer
    since [1]. If a tag API call is done just after the Neutron server has
    been initialized and the policy enforcer, that is a global variable per
    API worker, has not been initialized, the API call will fail.
    
    This patch initializes the policy enforcer as is done in the
    ``PolicyHook``, that is called by many other API resources that inherit
    from the ``APIExtensionDescriptor`` class.
    
    [1]https://review.opendev.org/q/I9f3e032739824f268db74c5a1b4f04d353742dbd
    
    Closes-Bug: #2073782
    Change-Id: Ia35c51fb81cfc0a55c5a2436fc5c55f2b4c9bd01


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2073782

Title:
  "Tagging" extension does not initialize the policy enforcer

Status in neutron:
  Fix Released

Bug description:
  The "tagging" service plugin extension uses its own controller. This
  controller doesn't call the WSGI hooks like the policy hook. Instead
  of this, the controller implements the policy enforcer directly on the
  WSGI methods (create, update, delete, etc.).

  It is needed to initialize the policy enforcer before any enforcement
  is done. If a tag API call is done just after the Neutron server has
  been restarted, the server will fail with the following error: [1].

  The policy enforcement was implemented in [2]. The fix for this bug
  should be backported up to 2023.2.

  [1]https://paste.opendev.org/show/bIeSoD2Y0vrTpJb4uYQ5/
  [2]https://review.opendev.org/q/I9f3e032739824f268db74c5a1b4f04d353742dbd

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2073782/+subscriptions

References

[Bug 2073782] [NEW] "Tagging" extension does not initialize the policy enforcer
From: Rodolfo Alonso, 2024-07-22