Comment 0 for bug 1706218

Aniruddh Amonker (aamonker) wrote :

Contrail Release: 3.2.3

Problem Description:

The “Create Network” operation using the GUI is failing for certain tenants even though the “virtual_network” object has been assigned “Create” rights for “_member_”.

This is only affecting tenants that existed before enabling the RBAC feature. We created some new tenants and we were able to successfully create new networks using the same tenant users.

Also, the issue is not only tied to "virtual network" creation; any new object creation under pre-existing tenants is also experiencing the same error.

This has been identified as a known limitation. Objects (including projects) created prior to enabling RBAC will not be accessible to non-admin users after RBAC is enabled. This is because the ‘owner’ field for such objects is set to the ‘service’ tenant (which is because neutron didn’t pass the tenant information correctly), making them accessible to only the ‘service’ tenant.

This LP defect is for an enhancement request to fix this behavior in upcoming releases where enabling RBAC should also make ownership changes of objects accordingly under pre-existing tenants.

The current workaround is to manually change the ownership of objects, including projects, using the "/opt/contrail/utils/Chmod2.py" script.
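The audit below is an added example, not part of the original comment and not Contrail code: it walks an exported object inventory and lists every object, projects included, whose owner is not the project it lives under, which is the set the workaround has to re-own. The inventory is constructed, and the field layout (`uuid`, `type`, `parent_uuid`, `perms2.owner`) and the use of the project's own id as the expected owner are assumptions made for the example.

```python
# Constructed sample inventory. Field names and ids are assumptions for this
# example, not values taken from the bug report.
INVENTORY = [
    {"uuid": "proj-a", "type": "project", "parent_uuid": None, "perms2": {"owner": "svc-0000"}},
    {"uuid": "vn-a1", "type": "virtual_network", "parent_uuid": "proj-a", "perms2": {"owner": "svc-0000"}},
    {"uuid": "sg-a1", "type": "security_group", "parent_uuid": "proj-a", "perms2": {"owner": "svc-0000"}},
    {"uuid": "port-a1", "type": "virtual_machine_interface", "parent_uuid": "vn-a1", "perms2": {}},
    {"uuid": "proj-b", "type": "project", "parent_uuid": None, "perms2": {"owner": "proj-b"}},
    {"uuid": "vn-b1", "type": "virtual_network", "parent_uuid": "proj-b", "perms2": {"owner": "proj-b"}},
]


def owning_project(obj, by_uuid):
    """Follow parent links up to the enclosing project; None if there is none."""
    seen = set()
    while obj is not None and obj["uuid"] not in seen:
        if obj["type"] == "project":
            return obj["uuid"]
        seen.add(obj["uuid"])  # guard against a parent loop in bad data
        obj = by_uuid.get(obj.get("parent_uuid"))
    return None


def ownership_fixes(inventory):
    """Return (type, uuid, current_owner, expected_owner) for each mismatch."""
    by_uuid = {o["uuid"]: o for o in inventory}
    fixes = []
    for obj in inventory:
        expected = owning_project(obj, by_uuid)
        if expected is None:
            continue  # not under any project, out of scope for this audit
        current = obj.get("perms2", {}).get("owner")  # may be missing entirely
        if current != expected:
            fixes.append((obj["type"], obj["uuid"], current, expected))
    return fixes


if __name__ == "__main__":
    for obj_type, uuid, current, expected in ownership_fixes(INVENTORY):
        print(f"{obj_type:28} {uuid:8} owner {current!r} -> {expected!r}")
```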