2016-05-01 06:50:44 |
Alex Stafeyev |
description |
I was trying update "target_tenant" field in the existing RBAC policy, The policy is "access_as_external" policy.
On an admin tenant, with an admin user, I created an external network. This automatically creates and "access_as_external" action RBAC policy with "*" value for "target_tenant" attribute.
+---------------+--------------------------------------+
| Field | Value |
+---------------+--------------------------------------+
| action | access_as_external |
| id | f09399eb-1829-4675-8155-4972b4378b9c |
| object_id | 0ff86006-8d7d-4e9b-ba11-960c7ff50dae |
| object_type | network |
| target_tenant | * |
| tenant_id | a654338c862f401a8665c3fbed289a75 |
+---------------+--------------------------------------+
I wanted to update the RBAC policy but encountered the following error:
"neutron rbac-update f09399eb-1829-4675-8155-4972b4378b9c --target_tenant a654338c862f401a8665c3fbed289a75
RBAC policy on object 0ff86006-8d7d-4e9b-ba11-960c7ff50dae cannot be removed because other objects depend on it.
Details: Callback neutron.plugins.ml2.plugin.Ml2Plugin._validate_ext_not_in_use_by_tenant failed with "'policy_tenant'"
Neutron server returns request_ids: ['req-218d22bd-f484-41e3-9908-798bb93ae149']"
The external network is not in use by any router/or any other object.
Reproduction steps:
Create a network with " router:external" attribute ( external network)
See rbac policy list and show the existing rbac policy for the external network (see object_id = network_id)
execute "neutron rbac-update RBACPOLICYID --target_tenant DESIRED_TENANT_ID"
Version:
MITAKA on rhel 7.2
AllInOne environment. (packstack installation) |
I was trying update "target_tenant" field in the existing RBAC policy, The policy is "access_as_external" policy.
On an admin tenant, with an admin user, I created an external network. This automatically creates and "access_as_external" action RBAC policy with "*" value for "target_tenant" attribute.
+---------------+--------------------------------------+
| Field | Value |
+---------------+--------------------------------------+
| action | access_as_external |
| id | f09399eb-1829-4675-8155-4972b4378b9c |
| object_id | 0ff86006-8d7d-4e9b-ba11-960c7ff50dae |
| object_type | network |
| target_tenant | * |
| tenant_id | a654338c862f401a8665c3fbed289a75 |
+---------------+--------------------------------------+
I wanted to update the RBAC policy but encountered the following error:
"neutron rbac-update f09399eb-1829-4675-8155-4972b4378b9c --target_tenant a654338c862f401a8665c3fbed289a75
RBAC policy on object 0ff86006-8d7d-4e9b-ba11-960c7ff50dae cannot be removed because other objects depend on it.
Details: Callback neutron.plugins.ml2.plugin.Ml2Plugin._validate_ext_not_in_use_by_tenant failed with "'policy_tenant'"
Neutron server returns request_ids: ['req-218d22bd-f484-41e3-9908-798bb93ae149']"
The external network is not in use by any router/or any other object.
Reproduction steps:
Create a network with " router:external" attribute ( external network)
See rbac policy list and show the existing rbac policy for the external network (see object_id = network_id)
execute "neutron rbac-update RBACPOLICYID --target_tenant DESIRED_TENANT_ID"
Version:
MITAKA on rhel 7.2
$rpm -qa | grep neutron
python-neutron-lib-0.0.2-1.el7.noarch
openstack-neutron-openvswitch-8.0.0-1.el7.noarch
openstack-neutron-8.0.0-1.el7.noarch
python-neutronclient-4.1.1-2.el7.noarch
python-neutron-8.0.0-1.el7.noarch
openstack-neutron-metering-agent-8.0.0-1.el7.noarch
openstack-neutron-ml2-8.0.0-1.el7.noarch
openstack-neutron-common-8.0.0-1.el7.noarch
AllInOne environment. (packstack installation) |
|