
[ovs-dev,4/4] rbac: Only allow relevant chassis to update BFD.

Message ID 20240119213331.454896-4-mmichels@redhat.com
State Superseded
Series [ovs-dev,1/4] rbac: MAC_Bindings can only be updated by the inserting chassis. | expand

Checks

Context Check Description
ovsrobot/apply-robot warning apply and check: warning
ovsrobot/github-robot-_Build_and_Test fail github build: failed
ovsrobot/github-robot-_ovn-kubernetes success github build: passed

Commit Message

Mark Michelson Jan. 19, 2024, 9:33 p.m. UTC
This adds a new "chassis_name" column to the BFD table. ovn-northd sets
this to the logical port's chassis name when creating the BFD record.
RBAC has been updated so that chassis may only update their own records.
---
 northd/northd.c     | 9 ++++++++-
 northd/ovn-northd.c | 2 +-
 ovn-sb.ovsschema    | 5 +++--
 ovn-sb.xml          | 4 ++++
 4 files changed, 16 insertions(+), 4 deletions(-)

Comments

0-day Robot Jan. 19, 2024, 9:46 p.m. UTC | #1
Bleep bloop.  Greetings Mark Michelson, I am a robot and I have tried out your patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
ERROR: Author Mark Michelson <mmichels@redhat.com> needs to sign off.
Lines checked: 112, Warnings: 0, Errors: 1


Please check this out.  If you feel there has been an error, please email aconole@redhat.com

Thanks,
0-day Robot

Patch

diff --git a/northd/northd.c b/northd/northd.c
index 9821fcef5..793fc13f5 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -10808,6 +10808,7 @@  build_bfd_table(struct ovsdb_idl_txn *ovnsb_txn,
             nbrec_bfd_set_status(nb_bt, "admin_down");
         }
 
+        struct ovn_port *op = ovn_port_find(lr_ports, nb_bt->logical_port);
         bfd_e = bfd_port_lookup(&sb_only, nb_bt->logical_port, nb_bt->dst_ip);
         if (!bfd_e) {
             int udp_src = bfd_get_unused_port(bfd_src_ports);
@@ -10821,6 +10822,9 @@  build_bfd_table(struct ovsdb_idl_txn *ovnsb_txn,
             sbrec_bfd_set_disc(sb_bt, 1 + random_uint32());
             sbrec_bfd_set_src_port(sb_bt, udp_src);
             sbrec_bfd_set_status(sb_bt, nb_bt->status);
+            if (op && op->sb && op->sb->chassis) {
+                sbrec_bfd_set_chassis_name(sb_bt, op->sb->chassis->name);
+            }
 
             int min_tx = nb_bt->n_min_tx ? nb_bt->min_tx[0] : BFD_DEF_MINTX;
             sbrec_bfd_set_min_tx(sb_bt, min_tx);
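Review bot: When the logical port has no bound chassis, the new row is created with `chassis_name` left at its schema default, and nothing in the hunk says what that means for access control. The `rbac_bfd_auth` hunk in northd/ovn-northd.c makes this column the authorization key, so presumably no chassis can update `status` on such a row until a later northd run fills the name in. That fail-closed behaviour looks intended, and a comment above the `if` would record it, for example `/* Unbound port: chassis_name stays empty, so no chassis is authorized to update this row yet. */`. build_bfd_table starts and ends outside the hunk.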
@@ -10839,6 +10843,10 @@  build_bfd_table(struct ovsdb_idl_txn *ovnsb_txn,
                 }
             }
             build_bfd_update_sb_conf(nb_bt, bfd_e->sb_bt);
+            if (op && op->sb && op->sb->chassis &&
+                strcmp(op->sb->chassis->name, sb_bt->chassis_name)) {
+                sbrec_bfd_set_chassis_name(sb_bt, op->sb->chassis->name);
+            }
 
             hmap_remove(&sb_only, &bfd_e->hmap_node);
             bfd_e->ref = false;
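Review bot: The added block in the existing-record branch reads and writes through `sb_bt`, while the line just above it updates the same row through `bfd_e->sb_bt`. Nothing visible in this hunk assigns `sb_bt` on this path, and its declaration is outside the hunk, so it may still refer to whatever row it last held; confirm, and otherwise use `strcmp(op->sb->chassis->name, bfd_e->sb_bt->chassis_name)` and `sbrec_bfd_set_chassis_name(bfd_e->sb_bt, op->sb->chassis->name);`. Separately, when the port is no longer bound (`op->sb->chassis` is NULL) the old name is kept, so the previous chassis would presumably stay authorized to update `status`. Consider clearing it in that case with `sbrec_bfd_set_chassis_name(bfd_e->sb_bt, "");`.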
@@ -10847,7 +10855,6 @@  build_bfd_table(struct ovsdb_idl_txn *ovnsb_txn,
             hmap_insert(bfd_connections, &bfd_e->hmap_node, hash);
         }
 
-        struct ovn_port *op = ovn_port_find(lr_ports, nb_bt->logical_port);
         if (op) {
             op->has_bfd = true;
         }
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 8f70d5241..c11744b3f 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -122,7 +122,7 @@  static const char *rbac_igmp_group_auth[] =
 static const char *rbac_igmp_group_update[] =
     {"address", "chassis", "datapath", "ports"};
 static const char *rbac_bfd_auth[] =
-    {""};
+    {"chassis_name"};
 static const char *rbac_bfd_update[] =
     {"status"};
 
diff --git a/ovn-sb.ovsschema b/ovn-sb.ovsschema
index 0e601f4e3..26c9ae75f 100644
--- a/ovn-sb.ovsschema
+++ b/ovn-sb.ovsschema
@@ -1,7 +1,7 @@ 
 {
     "name": "OVN_Southbound",
     "version": "20.33.0",
-    "cksum": "3042447672 31328",
+    "cksum": "4078434013 31380",
     "tables": {
         "SB_Global": {
             "columns": {
@@ -579,7 +579,8 @@ 
                              "min": 0, "max": "unlimited"}},
                 "options": {
                     "type": {"key": "string", "value": "string",
-                             "min": 0, "max": "unlimited"}}},
+                             "min": 0, "max": "unlimited"}},
+                "chassis_name": {"type": "string"}},
             "indexes": [["logical_port", "dst_ip", "src_port", "disc"]],
             "isRoot": true},
         "FDB": {
diff --git a/ovn-sb.xml b/ovn-sb.xml
index 833e53114..629c78095 100644
--- a/ovn-sb.xml
+++ b/ovn-sb.xml
@@ -4992,6 +4992,10 @@  tcp.flags = RST;
         receiving system in Asynchronous mode.
       </column>
 
+      <column name="chassis_name">
+        The name of the chassis where the logical port is bound.
+      </column>
+
       <column name="options">
         Reserved for future use.
       </column>