Bug 2193344
| Summary: | [Neutron][SRBAC]New policies change the behavior for check rule type | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Candido Campos <ccamposr> |
| Component: | openstack-tripleo-heat-templates | Assignee: | Slawek Kaplonski <skaplons> |
| Status: | CLOSED ERRATA | QA Contact: | Candido Campos <ccamposr> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 17.1 (Wallaby) | CC: | bcafarel, chrisw, ekuris, jlibosva, mburns, mkopec, pgrist, scohen, skaplons |
| Target Milestone: | ga | Keywords: | AutomationBlocker, Triaged |
| Target Release: | 17.1 | Flags: | skaplons:
needinfo-
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openstack-tripleo-heat-templates-14.3.1-1.20230519143954.f602c2b.el8ost | Doc Type: | No Doc Update |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-08-16 01:14:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2023:4577 |
Example commandd affected: openstack network qos rule type list Several qos test case are skipped due to this chanmge beahavior because: (Pdb) p cls.os_tempest.network_client │ *** AttributeError: 'Manager' object has no attribute 'network_client' │ (Pdb) ll │ 858 -> @classmethod │ 859 def get_supported_qos_rule_types(cls): │ 860 body = cls.client.list_qos_rule_types() │ 861 return [rule_type['type'] for rule_type in body['rule_types']] │ (Pdb) cls.client.list_qos_rule_types() │ {'rule_types': []} │ (Pdb) D/S: ... neutron-get_rule_type: key: "get_rule_type" value: "rule:admin_api or (role:reader and project_id:%(project_id)s)" ... old behavior rule Any: policy.DocumentedRuleDefault( name='get_rule_type', check_str=base.ADMIN, scope_types=['project'], description='Get available QoS rule types', operations=[ { 'method': 'GET', 'path': '/qos/rule-types', }, { 'method': 'GET', 'path': '/qos/rule-types/{rule_type}', }, ], deprecated_rule=policy.DeprecatedRule( name='get_rule_type', check_str=neutron_policy.RULE_ANY, deprecated_reason=DEPRECATED_REASON, deprecated_since=versionutils.deprecated.WALLABY) ), New : https://github.com/openstack/neutron/commit/f1541f29152a75df4efc5b5d53f426a362286ff6#diff-d0398e566a536eb5f27118bf5[…]621369660a13c502b8ae934b043R99 initially it was done correctly https://github.com/openstack/neutron/commit/c4618857b0249535eeed28f0c7a0abf5dbdbc9d0#diff-d0398e566a536eb5f27118bf5[…]9e8621369660a13c502b8ae934b043 later it was done for SYSTEM_READER but then we dropped system scope it should be ROLE:READER I guess to match old behaviour