diff --git a/neutron_lib/api/definitions/qos.py b/neutron_lib/api/definitions/qos.py index 2b76990ba..64a8b30df 100644 --- a/neutron_lib/api/definitions/qos.py +++ b/neutron_lib/api/definitions/qos.py @@ -94,6 +94,7 @@ RESOURCE_ATTRIBUTE_MAP = { 'allow_put': True, 'is_visible': True, 'default': None, + 'enforce_policy': True, 'validate': {'type:uuid_or_none': None} } }, @@ -103,6 +104,7 @@ RESOURCE_ATTRIBUTE_MAP = { 'allow_put': True, 'is_visible': True, 'default': None, + 'enforce_policy': True, 'validate': {'type:uuid_or_none': None} } } diff --git a/neutron_lib/api/definitions/qos_fip.py b/neutron_lib/api/definitions/qos_fip.py index 642fef19a..57f5e85d5 100644 --- a/neutron_lib/api/definitions/qos_fip.py +++ b/neutron_lib/api/definitions/qos_fip.py @@ -31,6 +31,7 @@ RESOURCE_ATTRIBUTE_MAP = { 'allow_put': True, 'is_visible': True, 'default': None, + 'enforce_policy': True, 'validate': {'type:uuid_or_none': None}} } } diff --git a/releasenotes/notes/bug-1957175-6b2705d4772df7de.yaml b/releasenotes/notes/bug-1957175-6b2705d4772df7de.yaml new file mode 100644 index 000000000..4b7cd4f84 --- /dev/null +++ b/releasenotes/notes/bug-1957175-6b2705d4772df7de.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Enforce policy for 'qos_policy_id' attribute of + port, network and fip so only authorized users + can set/unset it. + For more info see `bug LP#1957175 `_.