[ovs-dev] [PATCH ovn v2 0/9] Fix missing RBAC rules and enable testing

Frode Nordahl frode.nordahl at canonical.com
Fri Mar 5 12:16:22 UTC 2021


To help ourself to not forget updating RBAC rules when we land
changes to existing functionality and new features we must enable
SSL+RBAC on the `ovn-controller` <-> SB DB connection for builds
with OpenSSL enabled.

The series is structured with one commit per table where RBAC
rules are fixed for the C version and one summary commit to 
update the northd-ddlog implementation. Then there are a few fixes
to existing tests before finally enabling SSL+RBAC for all tests.

This should allow for easier backports back to series where the
respective tables / features first appeared.

A successful testrun can be viewed at [0], in addittion I have done
local testing with ovn-northd-ddlog.

0: https://github.com/fnordahl/ovn/actions/runs/624324890

Frode Nordahl (9):
  northd: Amend RBAC rules for Port_Binding table
  northd: Add missing RBAC rules for FDB table
  northd: Amend Chassis RBAC rules
  northd: Add Controller_Event RBAC rules
  northd-ddlog: Update RBAC rules
  tests: Amend release stale port binding test for RBAC
  tests: Use ovn_start in tests/ovn-controller.at
  tests: Make certificate generation extendable
  tests: Test with SSL and RBAC for controller by default

 northd/ovn-northd.c     | 31 ++++++++++++++++++++++--
 northd/ovn_northd.dl    | 24 +++++++++++++++++--
 tests/automake.mk       | 53 +++++++++++++++++++++--------------------
 tests/ofproto-macros.at | 12 ++++++++++
 tests/ovn-controller.at | 50 +++++++++++++++++++++++++++++++++-----
 tests/ovn-macros.at     | 38 +++++++++++++++++++++++++++--
 tests/ovn-northd.at     |  6 ++---
 tests/ovn.at            | 50 +++++++++++++++++++-------------------
 8 files changed, 198 insertions(+), 66 deletions(-)

-- 
2.30.0



More information about the dev mailing list