
[ovs-dev,v2,2/9] northd: Add missing RBAC rules for FDB table

Message ID 12c6eac5f0876cd785c72b16c80fbd5d73906f21.1614945892.git.frode.nordahl@canonical.com
State Accepted
Series Fix missing RBAC rules and enable testing | expand

Commit Message

Frode Nordahl March 5, 2021, 12:16 p.m. UTC
The recently added FDB table did not get RBAC rules, which
prevents `ovn-controller` from updating it when RBAC is
enabled.

Fixes: 6ec3b1259 ("MAC learning: Add a new FDB table in southbound db")
Signed-off-by: Frode Nordahl <frode.nordahl@canonical.com>
---
 northd/ovn-northd.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

Patch

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index bafcb51e9..bb8f3032c 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -13248,6 +13248,11 @@  static const char *rbac_encap_auth[] =
 static const char *rbac_encap_update[] =
     {"type", "options", "ip"};
 
+static const char *rbac_fdb_auth[] =
+    {""};
+static const char *rbac_fdb_update[] =
+    {"dp_key", "mac", "port_key"};
+
 static const char *rbac_port_binding_auth[] =
     {""};
 static const char *rbac_port_binding_update[] =
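Review bot: `rbac_fdb_auth` is `{""}`, which, as far as I know, OVSDB RBAC treats as "every client holding the role is authorized", and the second hunk pairs it with `.insdel = true`. Any ovn-controller with the role can therefore insert, delete or rewrite FDB rows for any datapath, not only the ones it hosts. This mirrors the `rbac_port_binding_auth` entry visible just below, and it may be unavoidable if FDB rows carry no chassis-identifying column (the three columns in `rbac_fdb_update` suggest they do not). The trust assumption should still be written down, for example `/* FDB has no chassis column to bind rows to; "" authorizes every ovn-controller client. */` above `rbac_fdb_auth`. Operators who rely on RBAC to contain a compromised chassis would want to know that MAC-learning state falls outside that containment.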
@@ -13300,6 +13305,14 @@  static struct rbac_perm_cfg {
         .update = rbac_encap_update,
         .n_update = ARRAY_SIZE(rbac_encap_update),
         .row = NULL
+    },{
+        .table = "FDB",
+        .auth = rbac_fdb_auth,
+        .n_auth = ARRAY_SIZE(rbac_fdb_auth),
+        .insdel = true,
+        .update = rbac_fdb_update,
+        .n_update = ARRAY_SIZE(rbac_fdb_update),
+        .row = NULL
     },{
         .table = "Port_Binding",
         .auth = rbac_port_binding_auth,