[ovs-dev] [PATCH ovn] ovn-northd: Fix chassis/chassis_private RBAC.
Numan Siddique
numans at ovn.org
Tue Sep 8 07:53:42 UTC 2020
On Mon, Sep 7, 2020 at 10:29 PM Dumitru Ceara <dceara at redhat.com> wrote:
> Steps to reproduce the issue:
>
> $ make sandbox
> $ ovs-vsctl set open . external_ids:system-id=new-chassis
>
> Fixes: 94a32fca2d2b ("chassis: Fix the way encaps are updated for a
> chassis record.")
> Fixes: 5344f24ecb1a ("ovn-controller: Refactor chassis.c to abstract the
> string parsing")
> Signed-off-by: Dumitru Ceara <dceara at redhat.com>
>
Hi Dumitru,
I applied this patch to master. Earlier after running "make sandbox",
ovn-controller was not able to create a chassis row. This is fixed now.
However, after applying, I just noticed that when I run the below 2
commands, the second one fails:
ovs-vsctl set open . external_ids:system-id=ch-1
ovs-vsctl set open . external_ids:system-id=ch-2
***
2020-09-08T07:50:20.385Z|00022|ovsdb_idl|WARN|transaction error:
{"details":"RBAC rules for client \"chassis-1\" role \"ovn-controller\"
prohibit modification of table \"Encap\".","error":"permission error"}
2020-09-08T07:50:32.260Z|00023|ovsdb_idl|WARN|transaction error:
{"details":"RBAC rules for client \"chassis-1\" role \"ovn-controller\"
prohibit modification of table \"Chassis\".","error":"permission error"}
***
Thanks
Numan
> ---
> northd/ovn-northd.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> index 3de7161..6927934 100644
> --- a/northd/ovn-northd.c
> +++ b/northd/ovn-northd.c
> @@ -12034,17 +12034,17 @@ static const char *rbac_chassis_auth[] =
> {"name"};
> static const char *rbac_chassis_update[] =
> {"nb_cfg", "external_ids", "encaps", "vtep_logical_switches",
> - "other_config"};
> + "other_config", "name"};
>
> static const char *rbac_chassis_private_auth[] =
> {"name"};
> static const char *rbac_chassis_private_update[] =
> - {"nb_cfg", "chassis"};
> + {"nb_cfg", "chassis", "name"};
>
> static const char *rbac_encap_auth[] =
> {"chassis_name"};
> static const char *rbac_encap_update[] =
> - {"type", "options", "ip"};
> + {"type", "options", "ip", "chassis_name"};
>
> static const char *rbac_port_binding_auth[] =
> {""};
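Review bot: The three added entries ("name" in rbac_chassis_update and rbac_chassis_private_update, "chassis_name" in rbac_encap_update) are the same columns listed in the matching rbac_chassis_auth, rbac_chassis_private_auth and rbac_encap_auth arrays directly above them, so a client that is authorized for a row can now rewrite the column its authorization appears to be keyed on. Please add a comment beside each array saying why the authorization column has to be writable, and add a test that changes system-id twice in a row: the log quoted above shows client "chassis-1" being refused on "Encap" and "Chassis" on the second change, which would fit a row whose name no longer matches the connected client after the first rename.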
> --
> 1.8.3.1
>