a644b3c62b
According to the neutron API-REF [1] port's "binding:profile" field is intended to be used for the "machine-machine communication for compute services like Nova, Ironic or Zun to pass information to a Neutron back-end." so it should be by allowed only for the users with the SERVICE role granted, not even for ADMIN. This patch updates that policies to be available only for SERVICE role when new, secure RBAC policies are enabled. Additionally this patch updates some policies for create, update and get port APIs to make them all work in the same way and allow them for the SERVICE users too. Finally this new policy for create/update_port:binding:profile have to be overwritten in the fullstack tests to be allowed also for admin user. It is done by adding custom policy file for the fullstack tests only. [1] https://docs.openstack.org/api-ref/network/v2/index.html#create-port Closes-Bug: #2052937 Change-Id: I5c0094ff21439fe8977cfc623789a09067e6a895 |
||
|---|---|---|
| .. | ||
| neutron | ||
| oslo-config-generator | ||
| oslo-policy-generator | ||
| api-paste.ini | ||
| fullstack_tests_policy.yaml | ||
| README.policy.yaml.txt | ||
| README.txt | ||
| rootwrap.conf | ||
To generate the sample neutron configuration files, run the following command from the top level of the neutron directory: tox -e genconfig If a 'tox' environment is unavailable, then you can run the following script instead to generate the configuration files: ./tools/generate_config_file_samples.sh