yahoo-eng-team team mailing list archive

[OpenStack Infra <2107039@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.opendev.org/c/openstack/neutron/+/947003
Committed: https://opendev.org/openstack/neutron/commit/c981cfd658e5a75d87f1cd635bcd39b551945e7b
Submitter: "Zuul (22348)"
Branch:    master

commit c981cfd658e5a75d87f1cd635bcd39b551945e7b
Author: Tobias Urdin <tobias.urdin@xxxxxxxxxx>
Date:   Fri Apr 11 16:13:21 2025 +0200

    Allow service role to create/update port device_id
    
    The ``device_id`` field on ports is used by other
    OpenStack projects to save what resource is using
    a port and for these OpenStack projects to support
    the Secure RBAC community goal they need to be
    able to update this field.
    
    This is required for OpenStack projects such as
    Nova that tracks instance UUID in device_id on
    a port and Octavia that also uses the device_id
    field.
    
    This allows the ``service`` role to update the
    device_id field and doesn't touch any existing
    policies that already exist for the field.
    
    Related-Bug: #2105502
    Closes-Bug: #2107039
    Change-Id: I227416a7420412a39e450352915eff5967172c64


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2107039

Title:
  create/update on a port's device_id must be allowed for service role

Status in neutron:
  Fix Released

Bug description:
  The service role needs to be allowed to create/update the device_id on
  a neutron port so that other OpenStack projects that update this field
  is allowed to when only having the service role, this is required to
  fully support the secure RBAC community goal.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2107039/+subscriptions