as a tenant user not able to create a subnetpool associating with a shared address scope

This was tested with Ocata

This is a valid use case and we supported this use case in the past.
I can reproduce this in Pike master.

Got a chance to discuss this with Akihiro, basically the below is the usecase.

"we create a shared addr scope in admin tenant, and then we can create a provider network (as external) and tenants can create networks in a same address scope"

This is very useful for BGP usecase.

In my understanding, we cannot create subnet pools whose IP address range overlaps in a whole address scope, so we can allow non-admin project to create a subnet pool from a shared address scope. However, I believe we need to check more folks familiar with the L3 area on whether there is a reason we have the current behavior.

https://review.openstack.org/#/c/474552/

The behavior reported in this bug in Ocata and master is the expected behavior. Please read the first paragraph of the "Proposed Change" in the spec for address scopes: https://specs.openstack.org/openstack/neutron-specs/specs/mitaka/address-scopes.html#proposed-change. This spec is correctly reflected in the original implementation of address scopes: https://review.openstack.org/#/c/197552/15/neutron/db/db_base_plugin_v2.py@707.

This doesn't mean that it is not possible to discuss new use cases. But given that the current behavior is what was specified, we should proceed with caution following the Request for Feature Enhancement process: https://docs.openstack.org/developer/neutron/policies/blueprints.html#neutron-request-for-feature-enhancements

I also want to point out that the use case as spelled out above in https://bugs.launchpad.net/neutron/+bug/1697925/comments/3 can be implemented with the current functionality. The implementation of this use case is explained here: https://docs.openstack.org/ocata/networking-guide/config-address-scopes.html#routing-with-address-scopes-for-non-privileged-users

This bug has had a related patch abandoned and has been automatically un-assigned due to inactivity. Please re-assign yourself if you are continuing work or adjust the state as appropriate if it is no longer valid.

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: master
Review: https://review.openstack.org/474552
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Fix proposed to branch: master
Review: https://review.opendev.org/712633

Reviewed: https://review.opendev.org/709122
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=eb6104c0ac61216234ea958f2fd322e70b8e4bec
Submitter: Zuul
Branch: master

commit eb6104c0ac61216234ea958f2fd322e70b8e4bec
Author: Igor Malinovskiy <email address hidden>
Date: Mon Feb 17 15:01:28 2020 +0200

    Allow sharing of address scopes via RBAC mechanism

    Neutron-lib api ref: https://review.opendev.org/#/c/707407/
    Client: https://review.opendev.org/#/c/709124/
    Tempest tests: https://review.opendev.org/#/c/711610/

    Change-Id: I74bedae4de4eb25e5427ecb129543885a020a0a8
    Depends-On: https://review.opendev.org/712633
    Partial-Bug: #1862968
    Closes-Bug: #1697925