[ovs-git] [ovn-org/ovn] 687d17: northd: Amend RBAC rules for Port_Binding table

Frode Nordahl noreply at github.com
Fri Mar 12 12:07:14 UTC 2021


  Branch: refs/heads/branch-21.03
  Home:   https://github.com/ovn-org/ovn
  Commit: 687d1727e5282d92874cd41656255c91ed59199e
      https://github.com/ovn-org/ovn/commit/687d1727e5282d92874cd41656255c91ed59199e
  Author: Frode Nordahl <frode.nordahl at canonical.com>
  Date:   2021-03-12 (Fri, 12 Mar 2021)

  Changed paths:
    M northd/ovn-northd.c

  Log Message:
  -----------
  northd: Amend RBAC rules for Port_Binding table

When `ovn-controller` claims a virtual lport it will update the
Port_Binding table with which chassis currently has claimed the
port as well as recording information about the virtual parent
lport [0].

When `ovn-controller` claims a lport it will also update the
encap field of the Port_Binding table if set and an update is
needed.

The current RBAC rules does not allow for these updates.

0: https://github.com/ovn-org/ovn/blob/b7b0fbdab03ce8b39d5bdc114876e6b0d0683892/controller/pinctrl.c#L6150
Fixes: 054f4c85c ("Add a new logical switch port type - 'virtual'")
Fixes: 6c8b9a132 (" ovn-controller: Store the local port bindings in the runtime data I-P state")
Reported-At: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/1917475
Signed-off-by: Frode Nordahl <frode.nordahl at canonical.com>
Signed-off-by: Numan Siddique <numans at ovn.org>

(cherry-picked from master commit 525d78946e6db29430fc2f946b9348eda6356fc6)


  Commit: b7823fc262f4700bfa59f4bcbbddd7cb84f300fb
      https://github.com/ovn-org/ovn/commit/b7823fc262f4700bfa59f4bcbbddd7cb84f300fb
  Author: Frode Nordahl <frode.nordahl at canonical.com>
  Date:   2021-03-12 (Fri, 12 Mar 2021)

  Changed paths:
    M northd/ovn-northd.c

  Log Message:
  -----------
  northd: Add missing RBAC rules for FDB table

The recently added FDB table did not get its RBAC rules which
would prohibit a `ovn-controller` from updating it with RBAC
enabled.

Fixes: 6ec3b1259 ("MAC learning: Add a new FDB table in southbound db")
Signed-off-by: Frode Nordahl <frode.nordahl at canonical.com>
Signed-off-by: Numan Siddique <numans at ovn.org>

(cherry-picked from master commit a6008b68bb70e99a9191eb9c6c98532816fa4307)


  Commit: c9c1146ca125bff0cb26cb755f37aa36f3224ba2
      https://github.com/ovn-org/ovn/commit/c9c1146ca125bff0cb26cb755f37aa36f3224ba2
  Author: Frode Nordahl <frode.nordahl at canonical.com>
  Date:   2021-03-12 (Fri, 12 Mar 2021)

  Changed paths:
    M northd/ovn-northd.c

  Log Message:
  -----------
  northd: Amend Chassis RBAC rules

The Transport Zones support does currently not work when RBAC is
enabled.

Fixes: 07d0d258d ("OVN: Add support for Transport Zones")
Signed-off-by: Frode Nordahl <frode.nordahl at canonical.com>
Signed-off-by: Numan Siddique <numans at ovn.org>

(cherry-picked from master commit b865e502293b8504812b062321be442805f46d4a)


  Commit: 17f6ae586dcbdef405eac52bc57fa79fe295f864
      https://github.com/ovn-org/ovn/commit/17f6ae586dcbdef405eac52bc57fa79fe295f864
  Author: Frode Nordahl <frode.nordahl at canonical.com>
  Date:   2021-03-12 (Fri, 12 Mar 2021)

  Changed paths:
    M northd/ovn-northd.c

  Log Message:
  -----------
  northd: Add Controller_Event RBAC rules

The use of the Controller_Event table does currently not work
when RBAC is enabled.

Fixes: be1eeb09d ("OVN: introduce Controller_Event table")
Signed-off-by: Frode Nordahl <frode.nordahl at canonical.com>
Signed-off-by: Numan Siddique <numans at ovn.org>

(cherry-picked from master commit 51f2629cda614d0712ca13f4b51e30c9c2290bc1)


Compare: https://github.com/ovn-org/ovn/compare/70b8b124e598...17f6ae586dcb


More information about the git mailing list