openstack/ironic
Code Issues Proposed changes
Files
4dd42796c041575ef9151fe54ce5bb475bd1a20c
ironic/releasenotes/notes/fix-member-user-access-around-port-update-86118701989d8a61.yaml
Julia Kreger 1f5755ec12 Only try and do deep network config validate if admin 
User mdfr reported an issue where a user with ironic, who
had member privileges of the node's owner project, reported
they would get an error about ironic being unable to validate
the cleaning network when trying to bind a baremetal port to
a portgroup.

This is rooted in checks to provide early feedback of ironic
configuration issues, which just work if a user is an admin
scoped user... However the networking client utilizes the
credentials from the task, meaning the credentials of the
user with member access.

That being said, we only need to do the additional checks
if the user is an "admin". Modifies the existing code
and test to test/assert the admin role.

Closes-Bug: 2100520
Change-Id: Idfbf0f58c9976bedb60e1eca1dd282875c89977f
2025-02-27 08:08:03 -08:00

9 lines
366 B
YAML
Raw Blame History

---
fixes:
- |
Fixes an issue with the ``neutron`` ``network_interface`` driver where
validate calls by ``member`` scoped API users, triggered through a port
update or explicit node interface validation action would fail due to
the user being unable to resolve provisioning or cleaning networks
because the networks are in a different project.
View Git Blame Copy Permalink