Public bug reported:

The two Patrole test cases below have helped me identify that Neutron is incorrectly performing the policy check for creating/updating the fixed ip_address on a port.

  patrole_tempest_plugin.tests.api.network.test_ports_rbac.PortsRbacTest.test_create_port_fixed_ips_ip_address
  patrole_tempest_plugin.tests.api.network.test_ports_rbac.PortsRbacTest.test_update_port_fixed_ips_ip_address

The policy.json file has two rules for the fixed IP addresses:

  "create_port:fixed_ips:ip_address": "rule:context_is_advsvc or \
                                       rule:admin_or_network_owner",
  "update_port:fixed_ips:ip_address": "rule:context_is_advsvc or \
                                       rule:admin_or_network_owner",

The problem is that these two rules are not enforced within the Neutron code. Instead, the older "create_port:fixed_ips" and "update_port:fixed_ips" rules are enforced; these older rules are no longer in the policy.json file.

** Affects: neutron
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1779225

Title:
  Incorrect policy check for update/create port fixed_ips ip_address attribute

Status in neutron:
  New
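The mismatch described in the report can be caught with a drift check between the rule names a policy file defines and the rule names the code enforces. The following is an added example, not code from Neutron, Patrole or the bug report; the alias definitions in the sample policy, the ENFORCED list and the audit() helper are constructed for illustration.

```python
import json
import re

# Constructed sample policy: the two fixed-IP rules are quoted from the report;
# the three alias definitions are placeholder values for illustration only.
POLICY_JSON = """
{
  "context_is_admin": "role:admin",
  "context_is_advsvc": "role:advsvc",
  "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
  "create_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner",
  "update_port:fixed_ips:ip_address": "rule:context_is_advsvc or rule:admin_or_network_owner"
}
"""

# Rule names the report says the code actually enforces (assumed input; in
# practice this list would be collected from the service's enforcement calls).
ENFORCED = ["create_port:fixed_ips", "update_port:fixed_ips"]

# Matches references to other rules inside a rule expression, e.g. "rule:foo".
RULE_REF = re.compile(r"\brule:([A-Za-z0-9_:\-]+)")


def audit(policy, enforced):
    """Compare rule names defined in the policy with names the code enforces."""
    defined = set(policy)
    # Aliases are rules only referenced from other rules via "rule:<name>";
    # they are not expected to be enforced directly.
    aliases = {ref for expr in policy.values() for ref in RULE_REF.findall(expr)}
    undefined = {}
    for name in enforced:
        if name not in defined:
            # List defined rules that extend the enforced name with a more
            # specific suffix: the exact pattern in this bug.
            undefined[name] = sorted(d for d in defined if d.startswith(name + ":"))
    unenforced = sorted(defined - set(enforced) - aliases)
    return {"enforced_but_undefined": undefined, "defined_but_unenforced": unenforced}


if __name__ == "__main__":
    print(json.dumps(audit(json.loads(POLICY_JSON), ENFORCED), indent=2))
```

Both findings matter to an operator: an enforced name with no entry in the file is decided by something other than the rule the operator wrote, and a defined rule that is never enforced gives a false sense of control over that attribute.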