[ovs-dev,v2,4/9] northd: Add Controller_Event RBAC rules

Message ID	da7dfe9b418c5cb6bdfd098e7819ea3e56bbc69e.1614945892.git.frode.nordahl@canonical.com
State	Accepted
Headers	show Return-Path: <ovs-dev-bounces@openvswitch.org> From: Frode Nordahl <frode.nordahl@canonical.com> To: dev@openvswitch.org Date: Fri, 5 Mar 2021 13:16:26 +0100 Message-Id: <da7dfe9b418c5cb6bdfd098e7819ea3e56bbc69e.1614945892.git.frode.nordahl@canonical.com> In-Reply-To: <cover.1614945892.git.frode.nordahl@canonical.com> References: <CAH=CPzrGXE50YnkwnEkh+9k_eRqeo=6en-Aziv=yRBJqpumxMg@mail.gmail.com> <cover.1614945892.git.frode.nordahl@canonical.com> MIME-Version: 1.0 Subject: [ovs-dev] [PATCH ovn v2 4/9] northd: Add Controller_Event RBAC rules Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" <ovs-dev-bounces@openvswitch.org>
Series	Fix missing RBAC rules and enable testing \| expand [ovs-dev,v2,0/9] Fix missing RBAC rules and enable testing [ovs-dev,v2,1/9] northd: Amend RBAC rules for Port_Binding table [ovs-dev,v2,2/9] northd: Add missing RBAC rules for FDB table [ovs-dev,v2,3/9] northd: Amend Chassis RBAC rules [ovs-dev,v2,4/9] northd: Add Controller_Event RBAC rules [ovs-dev,v2,5/9] northd-ddlog: Update RBAC rules [ovs-dev,v2,6/9] tests: Amend release stale port binding test for RBAC [ovs-dev,v2,7/9] tests: Use ovn_start in tests/ovn-controller.at [ovs-dev,v2,8/9] tests: Make certificate generation extendable [ovs-dev,v2,9/9] tests: Test with SSL and RBAC for controller by default

Message ID

da7dfe9b418c5cb6bdfd098e7819ea3e56bbc69e.1614945892.git.frode.nordahl@canonical.com

State

Accepted

Headers

From: Frode Nordahl <frode.nordahl@canonical.com>
To: dev@openvswitch.org
Date: Fri,  5 Mar 2021 13:16:26 +0100
Message-Id: 
 <da7dfe9b418c5cb6bdfd098e7819ea3e56bbc69e.1614945892.git.frode.nordahl@canonical.com>
In-Reply-To: <cover.1614945892.git.frode.nordahl@canonical.com>
References: 
 <CAH=CPzrGXE50YnkwnEkh+9k_eRqeo=6en-Aziv=yRBJqpumxMg@mail.gmail.com>
 <cover.1614945892.git.frode.nordahl@canonical.com>
MIME-Version: 1.0
Subject: [ovs-dev] [PATCH ovn v2 4/9] northd: Add Controller_Event RBAC rules
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

Series

Fix missing RBAC rules and enable testing | expand

Commit Message

Frode Nordahl March 5, 2021, 12:16 p.m. UTC

The use of the Controller_Event table does currently not work
when RBAC is enabled.

Fixes: be1eeb09d ("OVN: introduce Controller_Event table")
Signed-off-by: Frode Nordahl <frode.nordahl@canonical.com>
---
 northd/ovn-northd.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index f85a3dcff..c4a3f2383 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -13248,6 +13248,12 @@  static const char *rbac_encap_auth[] =
 static const char *rbac_encap_update[] =
     {"type", "options", "ip"};
 
+static const char *rbac_controller_event_auth[] =
+    {""};
+static const char *rbac_controller_event_update[] =
+    {"chassis", "event_info", "event_type", "seq_num"};
+
+
 static const char *rbac_fdb_auth[] =
     {""};
 static const char *rbac_fdb_update[] =
@@ -13297,6 +13303,14 @@  static struct rbac_perm_cfg {
         .update = rbac_chassis_private_update,
         .n_update = ARRAY_SIZE(rbac_chassis_private_update),
         .row = NULL
+    },{
+        .table = "Controller_Event",
+        .auth = rbac_controller_event_auth,
+        .n_auth = ARRAY_SIZE(rbac_controller_event_auth),
+        .insdel = true,
+        .update = rbac_controller_event_update,
+        .n_update = ARRAY_SIZE(rbac_controller_event_update),
+        .row = NULL
     },{
         .table = "Encap",
         .auth = rbac_encap_auth,

[ovs-dev,v2,4/9] northd: Add Controller_Event RBAC rules

Commit Message

Patch