On Thu, Oct 30, 2025 at 10:37 AM Ales Musil <[email protected]> wrote:
> When RBAC was enabled ovn-controller wasn't able to create any
> Learned_Route rows due to missing RBAC configuration. Add the
> configuration to allow ovn-controller insertion and update inside
> Learned_Route table.
>
> Fixes: 866a5014ae45 ("controller: Support learning routes.")
> Acked-by: Dumitru Ceara <[email protected]>
>
Ah the ack slipped through, sorry Dumitru. I don't count it
as it wasn't ever officially acked by you.
> Signed-off-by: Ales Musil <[email protected]>
> ---
> v2: Add external_ids into allowed columns.
> ---
> northd/ovn-northd.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> index c9d88dd22..b196b2d60 100644
> --- a/northd/ovn-northd.c
> +++ b/northd/ovn-northd.c
> @@ -128,6 +128,11 @@ static const char *rbac_bfd_auth[] =
> static const char *rbac_bfd_update[] =
> {"status"};
>
> +static const char *rbac_learned_route_auth[] =
> + {""};
> +static const char *rbac_learned_route_update[] =
> + {"datapath", "logical_port", "ip_prefix", "nexthop", "external_ids"};
> +
> static struct rbac_perm_cfg {
> const char *table;
> const char **auth;
> @@ -217,6 +222,14 @@ static struct rbac_perm_cfg {
> .update = rbac_bfd_update,
> .n_update = ARRAY_SIZE(rbac_bfd_update),
> .row = NULL
> + },{
> + .table = "Learned_Route",
> + .auth = rbac_learned_route_auth,
> + .n_auth = ARRAY_SIZE(rbac_learned_route_auth),
> + .insdel = true,
> + .update = rbac_learned_route_update,
> + .n_update = ARRAY_SIZE(rbac_learned_route_update),
> + .row = NULL
> },{
> .table = NULL,
> .auth = NULL,
> --
> 2.51.0
>
>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
