Neutron RBAC API and network support
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Expired
|
Undecided
|
Unassigned | ||
openstack-manuals |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
https:/
commit 4595899f7f2b377
Author: Kevin Benton <email address hidden>
Date: Tue Jun 16 23:43:59 2015 -0700
Neutron RBAC API and network support
This adds the new API endpoint to create, update, and delete
role-based access control entries. These entries enable tenants
to grant access to other tenants to perform an action on an object
they do not own.
This was previously done using a single 'shared' flag; however, this
was too coarse because an object would either be private to a tenant
or it would be shared with every tenant.
In addition to introducing the API, this patch also adds support to
for the new entries in Neutron networks. This means tenants can now
share their networks with specific tenants as long as they know the
tenant ID.
This feature is backwards-
attribute in the API. So if a deployer doesn't want this new feature
enabled, all of the RBAC operations can be blocked in policy.json and
networks can still be globally shared in the legacy manner.
Even though this feature is referred to as role-based access control,
this first version only supports sharing networks with specific
tenant IDs because Neutron currently doesn't have integration with
Keystone to handle changes in a tenant's roles/groups/etc.
DocImpact
APIImpact
Change-Id: Ib90e2a931df068
Partially-
Changed in openstack-api-site: | |
assignee: | nobody → Atsushi SAKAI (sakaia) |
status: | New → Confirmed |
Changed in openstack-manuals: | |
status: | New → Won't Fix |
affects: | openstack-api-site → neutron |
tags: | added: access-control |
This bug is > 180 days without activity. We are unsetting assignee and milestone and setting status to Incomplete in order to allow its expiry in 60 days.
If the bug is still valid, then update the bug status.