[ovs-dev] [PATCH ovn] northd: Add Chassis_Private "external_ids" column to RBAC

Frode Nordahl Mon, 25 Jan 2021 13:07:34 -0800

After introduction of the Chassis_Private table in OVN 20.09, CMS'es do
expect data plane components that may be subject to the
`ovn-controller` RBAC role to be able to write to the external_ids
column. An example being the OpenStack metadata agent [0].


[0]: 
https://github.com/openstack/neutron/blob/master/neutron/agent/ovn/metadata/agent.py#L175-L191
Reported-at: https://bugs.launchpad.net/bugs/1913024
Fixes: 4adc10f58127 ("Avoid nb_cfg update notification flooding")
Signed-off-by: Frode Nordahl <frode.nord...@canonical.com>
---
 northd/ovn-northd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index b2eb93835..d91944feb 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -12971,7 +12971,7 @@ static const char *rbac_chassis_update[] =
 static const char *rbac_chassis_private_auth[] =
     {"name"};
 static const char *rbac_chassis_private_update[] =
-    {"nb_cfg", "nb_cfg_timestamp", "chassis"};
+    {"nb_cfg", "nb_cfg_timestamp", "chassis", "external_ids"};
 
 static const char *rbac_encap_auth[] =
     {"chassis_name"};
-- 
2.29.2

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH ovn] northd: Add Chassis_Private "external_ids" column to RBAC

Reply via email to