[ovs-dev] [PATCH ovn v2 5/9] northd-ddlog: Update RBAC rules

Numan Siddique numans at ovn.org
Fri Mar 12 17:34:19 UTC 2021


On Fri, Mar 5, 2021 at 5:49 PM Frode Nordahl
<frode.nordahl at canonical.com> wrote:
>
> This patch summarizes a series of fixes to the C northd for missing
> or out of date RBAC rules and updates the DDlog version of Northd
> accordingly.
>
> Signed-off-by: Frode Nordahl <frode.nordahl at canonical.com>

Hi Frode,

Thanks for the patch series.

I applied patches 1 to 5 of this series to master and backported
patches 1-4 to branch-21.03.

I have also backported some of the patches down to 20.03. I need to
apply a couple of patches down to the 20.03 branch. I will do that in
some time.

For the patches 6-9, I have not looked at them yet. I'd appreciate it
if others want to review them.

Thanks
Numan

> ---
>  northd/ovn_northd.dl | 24 ++++++++++++++++++++++--
>  1 file changed, 22 insertions(+), 2 deletions(-)
>
> diff --git a/northd/ovn_northd.dl b/northd/ovn_northd.dl
> index 4482cffc0..8bc6dd9f6 100644
> --- a/northd/ovn_northd.dl
> +++ b/northd/ovn_northd.dl
> @@ -1257,7 +1257,8 @@ sb::Out_RBAC_Permission (
>      .authorization  = set_singleton("name"),
>      .insert_delete  = true,
>      .update         = ["nb_cfg", "external_ids", "encaps",
> -                       "vtep_logical_switches", "other_config"].to_set()
> +                       "vtep_logical_switches", "other_config",
> +                       "transport_zones"].to_set()
>  ).
>
>  sb::Out_RBAC_Permission (
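
Review bot: The addition of "transport_zones" to this `.update` list is a hand-copied mirror of a C northd rule, but neither the hunk nor the commit message says which C northd change it corresponds to. The diffstat shows only northd/ovn_northd.dl changing, so a reader cannot check the two implementations against each other from this patch alone; naming the C northd commits being mirrored in the commit message would make the parity auditable.
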
> @@ -1281,7 +1282,7 @@ sb::Out_RBAC_Permission (
>      .table          = "Port_Binding",
>      .authorization  = set_singleton(""),
>      .insert_delete  = false,
> -    .update         = ["chassis", "up"].to_set()
> +    .update         = ["chassis", "encap", "up", "virtual_parent"].to_set()
>  ).
>
>  sb::Out_RBAC_Permission (
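
Review bot: In the Port_Binding rule, `.authorization = set_singleton("")` applies no row-ownership check, so adding "encap" and "virtual_parent" to `.update` makes both columns writable on every Port_Binding row by any client holding the role. If that is the intended parity with C northd, a short comment above the rule saying why these two columns must be controller-writable would help anyone auditing the RBAC surface later.
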
> @@ -1308,6 +1309,23 @@ sb::Out_RBAC_Permission (
>      .update         = ["address", "chassis", "datapath", "ports"].to_set()
>  ).
>
> +sb::Out_RBAC_Permission (
> +    ._uuid          = 128'h2e5cbf3d_26f6_4f8a_9926_d6f77f61654f,
> +    .table          = "Controller_Event",
> +    .authorization  = set_singleton(""),
> +    .insert_delete  = true,
> +    .update         = ["chassis", "event_info", "event_type",
> +                       "seq_num"].to_set()
> +).
> +
> +sb::Out_RBAC_Permission (
> +    ._uuid          = 128'hb70964fc_322f_4ae5_aee4_ff6afadcc126,
> +    .table          = "FDB",
> +    .authorization  = set_singleton(""),
> +    .insert_delete  = true,
> +    .update         = ["dp_key", "mac", "port_key"].to_set()
> +).
> +
>  /*
>   * RBAC_Role: fixed
>   */
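
Review bot: Both new permissions, for Controller_Event and FDB, combine `.insert_delete = true` with `.authorization = set_singleton("")`, so any client holding the role can insert, delete and modify any row in those tables. Controller_Event lists "chassis" among its updatable columns; please add a comment stating whether authorizing on a per-chassis basis was considered and why the empty authorization is used, so the breadth of these two rules is recorded as a deliberate choice.
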
> @@ -1317,7 +1335,9 @@ sb::Out_RBAC_Role (
>      .permissions = [
>          "Chassis" -> 128'h7df3749a_1754_4a78_afa4_3abf526fe510,
>          "Chassis_Private" -> 128'h07e623f7_137c_4a11_9084_3b3f89cb4a54,
> +        "Controller_Event" -> 128'h2e5cbf3d_26f6_4f8a_9926_d6f77f61654f,
>          "Encap" -> 128'h94bec860_431e_4d95_82e7_3b75d8997241,
> +        "FDB" -> 128'hb70964fc_322f_4ae5_aee4_ff6afadcc126,
>          "Port_Binding" -> 128'hd8ceff1a_2b11_48bd_802f_4a991aa4e908,
>          "MAC_Binding" -> 128'h6ffdc696_8bfb_4d82_b620_a00d39270b2f,
>          "Service_Monitor"-> 128'h39231c7e_4bf1_41d0_ada4_1d8a319c0da3]
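
Review bot: The two added `.permissions` entries repeat the 128-bit `_uuid` literals of the new Controller_Event and FDB rules by hand, and a single mistyped hex digit would leave the role mapping a table to a permission that is not defined. The literals in this patch do match their rules, but a test asserting that every UUID in the role's `.permissions` map resolves to a defined permission would protect later edits to this list.
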
> --
> 2.30.0
>

