Bug 2196291

Summary: [Neutron][SRBAC] API policies for get_policy_*_rule are wrong
Product: Red Hat OpenStack Reporter: Candido Campos <ccamposr>
Component: python-neutron-libAssignee: Slawek Kaplonski <skaplons>
Status: CLOSED ERRATA QA Contact: Candido Campos <ccamposr>
Severity: high Docs Contact:
Priority: high    
Version: 17.1 (Wallaby)CC: apevec, averdagu, chrisw, ekuris, gbrinn, jamsmith, jjoyce, jschluet, lhh, mariel, pgrist, prgutier, rheslop, scohen, skaplons
Target Milestone: z2Keywords: Automation, Triaged
Target Release: 17.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-neutron-lib-2.10.2-1.20230510080958.el9ost openstack-tripleo-heat-templates-14.3.1-1.20230519151024.el9ost python-neutron-tests-tempest-2.1.0-17.1.20230906160844.021ce91.el9ost Doc Type: Bug Fix
Doc Text:
This update fixes a bug that prevented non-admin users from listing or managing policy rules. Now you can allow non-admin users to list or manage policy rules.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2024-01-16 14:32:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Candido Campos 2023-05-08 16:00:43 UTC 
With new defaults policies for get QoS rules are set to ADMIN_OR_PROJECT_READER but that's wrong as rules don't have owner. Those API rules should be based on the parent owner (qos_policy) always.

Those tests are skipped currently in our CI job neutron-tempest-plugin-openvswitch-enforce-scope-new-defaults due to other bug 

 https://bugzilla.redhat.com/show_bug.cgi?id=2193344    
Bug 2193344 - [Neutron][SRBAC]New policies change the behavior for check rule type
Comment 1 Slawek Kaplonski 2023-05-10 08:49:52 UTC 
neutron-lib's fix is available in python-neutron-lib-2.10.2-1.20230510080957.6bbae46.el9osttrunk
Comment 23 Lon Hohberger 2023-08-16 10:34:51 UTC 
According to our records, this should be resolved by python-neutron-lib-2.10.2-1.20230510080958.el9ost.  This build is available now.
Comment 53 errata-xmlrpc 2024-01-16 14:32:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 17.1.2 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:0209