neutron

RBAC-RFE- neutron net-show command should display all tenant that using the network

Bug #1504941 reported by Eran Kuris
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Expired
Wishlist
Unassigned

Bug Description

On rdo- liberty I thested neutron rbac feature .
when network assigned to more then 1 tenant we still see one tenant in neutron net-show <id>
[root@cougar16 ~(keystone_admin)]# neutron net-show 590ca7b9-1682-4c40-8213-02feaa7a96cc
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 590ca7b9-1682-4c40-8213-02feaa7a96cc |
| mtu | 0 |
| name | internal_ipv4_a |
| provider:network_type | vxlan |
| provider:physical_network | |
| provider:segmentation_id | 70 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | 9a1a387e-88cf-484a-8b12-5a1834be0233 |
| tenant_id | fa4add4659704239b771b0bccb8b6829 |
+---------------------------+--------------------------------------+

this network shared in 2 tenants :
[root@cougar16 ~(keystone_admin)]# neutron rbac-list
+--------------------------------------+--------------------------------------+
| id | object_id |
+--------------------------------------+--------------------------------------+
| 4f1a9c9d-e820-46e4-b431-b3142c6bb245 | 818dd42f-f627-45d4-a578-dd475b9e19e4 |
| 8c995ab1-dea6-411b-854c-a405cf5365fa | 590ca7b9-1682-4c40-8213-02feaa7a96cc |
| abb375b9-95d0-4297-80f1-3f22f0f84a9e | b071a769-0d50-4d25-8730-fed3dea13a2f |
| f3122b92-f47a-4a0f-a422-c9f7ed482341 | 590ca7b9-1682-4c40-8213-02feaa7a96cc |

[root@cougar16 ~(keystone_admin)]# rpm -qa |grep neutron
python-neutronclient-3.1.1-dev1.el7.centos.noarch
python-neutron-7.0.0.0-rc2.dev21.el7.centos.noarch
openstack-neutron-7.0.0.0-rc2.dev21.el7.centos.noarch
openstack-neutron-ml2-7.0.0.0-rc2.dev21.el7.centos.noarch
openstack-neutron-common-7.0.0.0-rc2.dev21.el7.centos.noarch
openstack-neutron-openvswitch-7.0.0.0-rc2.dev21.el7.centos.noarch

Revision history for this message
Armando Migliaccio (armando-migliaccio) wrote :

Kevin: any chance you could triage?

Changed in neutron:
assignee: nobody → Kevin Benton (kevinbenton)
Ihar Hrachyshka (ihar-hrachyshka)
tags: added: api
Changed in neutron:
importance: Undecided → Wishlist
status: New → Confirmed
Revision history for this message
Assaf Muller (amuller) wrote :

It would be nice to add a field to networks (Or other resources shared with RBAC), something like 'shared_with' that would list all tenants this resource is shared with.

Armando Migliaccio (armando-migliaccio)
tags: added: access-control
Revision history for this message
Kevin Benton (kevinbenton) wrote :

This could end up making the API responses quite large for network retrievals. If someone builds a system that is granting network access to lots of different tenants in an automated fashion, this field could end up with hundreds/thousands of items. Is that something we would be okay with?

Revision history for this message
Armando Migliaccio (armando-migliaccio) wrote :

This bug is > 180 days without activity. We are unsetting assignee and milestone and setting status to Incomplete in order to allow its expiry in 60 days.

If the bug is still valid, then update the bug status.

Changed in neutron:
assignee: Kevin Benton (kevinbenton) → nobody
status: Confirmed → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for neutron because there has been no activity for 60 days.]

Changed in neutron:
status: Incomplete → Expired
Eran Kuris (ekuris)
Changed in neutron:
status: Expired → New
Revision history for this message
Ihar Hrachyshka (ihar-hrachyshka) wrote :

Eran, there is no new info to justify switching back to New.

Changed in neutron:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for neutron because there has been no activity for 60 days.]

Changed in neutron:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.