Hi,

I'm adding Akihiro to the thread as maybe he will have some more knowledge about why it is like that in Neutron.

On Mon, Sep 07, 2020 at 07:52:54AM +0000, Zhi CZ Chang wrote:
Hi, all
I have a question about Neutron Policy.
I created some Neutron policies in the file /etc/neutron/policy.json, plus in this policy file, I don't want anyone to create an address scope and set "create_address_scope": "!".
After that, I execute the command line "openstack address scope create test" as the admin user and it works fine.
This is not what I expected.
After some investigation, I find that in this PR [1], it will return True directly even if the admin user.
Could someone tell me why the admin user can do anything without the control of policies? Or maybe I made some mistakes?
Thanks
[1] https://review.opendev.org/#/c/175238/11/neutron/policy.py
--
Slawek Kaplonski
Principal software engineer
Red Hat
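
A simplified model of the behaviour discussed in this thread, added here as an example and not taken from Neutron or from either message: it shows how a check that returns True early for an admin context never reaches a `"!"` rule, and lists the rules that are shadowed that way. The `Context` class, the `check()` signature, the `admin_short_circuit` flag and the sample policy are assumptions, and the evaluator covers only a small subset of the policy language.

```python
import json

# Constructed sample policy mirroring the rule quoted in the message.
POLICY_JSON = """{
    "context_is_admin": "role:admin",
    "create_address_scope": "!",
    "get_address_scope": "@"
}"""


class Context:
    """Hypothetical stand-in for a request context (not Neutron's class)."""
    def __init__(self, roles):
        self.roles = set(roles)


def eval_rule(expr, rules, ctx):
    """Evaluate '!', '@', 'role:x' and 'rule:x', joined by 'or' / 'and'."""
    expr = expr.strip()
    if " or " in expr:
        return any(eval_rule(p, rules, ctx) for p in expr.split(" or "))
    if " and " in expr:
        return all(eval_rule(p, rules, ctx) for p in expr.split(" and "))
    if expr == "!":            # deny everyone
        return False
    if expr in ("@", ""):      # allow everyone
        return True
    kind, _, value = expr.partition(":")
    if kind == "role":
        return value in ctx.roles
    if kind == "rule":
        return eval_rule(rules[value], rules, ctx)
    raise ValueError(f"unsupported check: {expr!r}")


def check(action, rules, ctx, admin_short_circuit=True):
    """Model of an enforcement entry point with an optional admin early return."""
    if admin_short_circuit and eval_rule(rules["context_is_admin"], rules, ctx):
        return True            # the rule for `action` is never consulted
    return eval_rule(rules[action], rules, ctx)


def shadowed_for_admin(rules, ctx):
    """Actions the rule itself denies for ctx but the early return allows."""
    return sorted(a for a in rules if a != "context_is_admin"
                  and check(a, rules, ctx, True)
                  and not check(a, rules, ctx, False))


if __name__ == "__main__":
    rules = json.loads(POLICY_JSON)
    print(shadowed_for_admin(rules, Context(["admin"])))
```

Running an audit like `shadowed_for_admin()` against a deployment's own policy file shows which deny rules only bind non-admin users under this model.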