[ovs-git] [ovn-org/ovn] 525d78: northd: Amend RBAC rules for Port_Binding table

Frode Nordahl noreply at github.com
Fri Mar 12 11:38:37 UTC 2021


  Branch: refs/heads/master
  Home:   https://github.com/ovn-org/ovn
  Commit: 525d78946e6db29430fc2f946b9348eda6356fc6
      https://github.com/ovn-org/ovn/commit/525d78946e6db29430fc2f946b9348eda6356fc6
  Author: Frode Nordahl <frode.nordahl at canonical.com>
  Date:   2021-03-12 (Fri, 12 Mar 2021)

  Changed paths:
    M northd/ovn-northd.c

  Log Message:
  -----------
  northd: Amend RBAC rules for Port_Binding table

When `ovn-controller` claims a virtual lport it will update the
Port_Binding table with which chassis currently has claimed the
port as well as recording information about the virtual parent
lport [0].

When `ovn-controller` claims a lport it will also update the
encap field of the Port_Binding table if set and an update is
needed.

The current RBAC rules does not allow for these updates.

0: https://github.com/ovn-org/ovn/blob/b7b0fbdab03ce8b39d5bdc114876e6b0d0683892/controller/pinctrl.c#L6150
Fixes: 054f4c85c ("Add a new logical switch port type - 'virtual'")
Fixes: 6c8b9a132 (" ovn-controller: Store the local port bindings in the runtime data I-P state")
Reported-At: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1917475
Signed-off-by: Frode Nordahl <frode.nordahl at canonical.com>
Signed-off-by: Numan Siddique <numans at ovn.org>


  Commit: a6008b68bb70e99a9191eb9c6c98532816fa4307
      https://github.com/ovn-org/ovn/commit/a6008b68bb70e99a9191eb9c6c98532816fa4307
  Author: Frode Nordahl <frode.nordahl at canonical.com>
  Date:   2021-03-12 (Fri, 12 Mar 2021)

  Changed paths:
    M northd/ovn-northd.c

  Log Message:
  -----------
  northd: Add missing RBAC rules for FDB table

The recently added FDB table did not get its RBAC rules which
would prohibit a `ovn-controller` from updating it with RBAC
enabled.

Fixes: 6ec3b1259 ("MAC learning: Add a new FDB table in southbound db")
Signed-off-by: Frode Nordahl <frode.nordahl at canonical.com>
Signed-off-by: Numan Siddique <numans at ovn.org>


  Commit: b865e502293b8504812b062321be442805f46d4a
      https://github.com/ovn-org/ovn/commit/b865e502293b8504812b062321be442805f46d4a
  Author: Frode Nordahl <frode.nordahl at canonical.com>
  Date:   2021-03-12 (Fri, 12 Mar 2021)

  Changed paths:
    M northd/ovn-northd.c

  Log Message:
  -----------
  northd: Amend Chassis RBAC rules

The Transport Zones support does currently not work when RBAC is
enabled.

Fixes: 07d0d258d ("OVN: Add support for Transport Zones")
Signed-off-by: Frode Nordahl <frode.nordahl at canonical.com>
Signed-off-by: Numan Siddique <numans at ovn.org>


  Commit: 51f2629cda614d0712ca13f4b51e30c9c2290bc1
      https://github.com/ovn-org/ovn/commit/51f2629cda614d0712ca13f4b51e30c9c2290bc1
  Author: Frode Nordahl <frode.nordahl at canonical.com>
  Date:   2021-03-12 (Fri, 12 Mar 2021)

  Changed paths:
    M northd/ovn-northd.c

  Log Message:
  -----------
  northd: Add Controller_Event RBAC rules

The use of the Controller_Event table does currently not work
when RBAC is enabled.

Fixes: be1eeb09d ("OVN: introduce Controller_Event table")
Signed-off-by: Frode Nordahl <frode.nordahl at canonical.com>
Signed-off-by: Numan Siddique <numans at ovn.org>


  Commit: 340ed17bc74021498779e5f14388626310fccf00
      https://github.com/ovn-org/ovn/commit/340ed17bc74021498779e5f14388626310fccf00
  Author: Frode Nordahl <frode.nordahl at canonical.com>
  Date:   2021-03-12 (Fri, 12 Mar 2021)

  Changed paths:
    M northd/ovn_northd.dl

  Log Message:
  -----------
  northd-ddlog: Update RBAC rules

This patch summarizes a series of fixes to the C northd for missing
or out of date RBAC rules and updates the DDlog version of Northd
accordingly.

Signed-off-by: Frode Nordahl <frode.nordahl at canonical.com>
Signed-off-by: Numan Siddique <numans at ovn.org>


Compare: https://github.com/ovn-org/ovn/compare/0d0f8c40377b...340ed17bc740


More information about the git mailing list