| 2016-05-01 06:50:32 |
Alex Stafeyev |
description |
On an admin tenant, with an admin user, I created an external network. This automatically creates and "access_as_external" action RBAC policy with "*" value for "target_tenant" attribute.
I deleted this RBAC policy and manually create a new one with two tenants IDs in the "target_tenant field".
$ openstack project list
+----------------------------------+----------+
| ID | Name |
+----------------------------------+----------+
| 1cdeee0a38b943859f23750a651db12c | demo |
| 8d3f62906c3949e4a2832df2b86c71e8 | services |
| a654338c862f401a8665c3fbed289a75 | admin |
| b0dc258dd3204bf99750589d1ed23996 | tenantA | <--------
+----------------------------------+----------+
$ neutron rbac-create admin-ext --action access_as_external --target-tenant a654338c862f401a8665c3fbed289a75,b0dc258dd3204bf99750589d1ed23996 --type network
Created a new rbac_policy:
+---------------+-------------------------------------------------------------------+
| Field | Value |
+---------------+-------------------------------------------------------------------+
| action | access_as_external |
| id | 3fc0bc16-685e-431a-8460-85ad5f8c3d96 |
| object_id | 1f2405cd-90ab-439c-9061-e99d9c6c7a35 |
| object_type | network |
| target_tenant | a654338c862f401a8665c3fbed289a75,b0dc258dd3204bf99750589d1ed23996 |
| tenant_id | a654338c862f401a8665c3fbed289a75 |
+---------------+-------------------------------------------------------------------+
$ . keystonerc_tenantA
$ neutron net-list
<---- we should see the network
$
Reproduction:
1. create external network.
2. delete its "access_as_external" rbac policy
3. Create a new rbac policy :
neutron rbac-create EXT_NET_ID --action access_as_external --target-tenant TENANT_ID1,TENANT_ID2 --type network
Version:
Mitaka on thel 7.2
packstack installation
All In One |
On an admin tenant, with an admin user, I created an external network. This automatically creates and "access_as_external" action RBAC policy with "*" value for "target_tenant" attribute.
I deleted this RBAC policy and manually create a new one with two tenants IDs in the "target_tenant field".
$ openstack project list
+----------------------------------+----------+
| ID | Name |
+----------------------------------+----------+
| 1cdeee0a38b943859f23750a651db12c | demo |
| 8d3f62906c3949e4a2832df2b86c71e8 | services |
| a654338c862f401a8665c3fbed289a75 | admin |
| b0dc258dd3204bf99750589d1ed23996 | tenantA | <--------
+----------------------------------+----------+
$ neutron rbac-create admin-ext --action access_as_external --target-tenant a654338c862f401a8665c3fbed289a75,b0dc258dd3204bf99750589d1ed23996 --type network
Created a new rbac_policy:
+---------------+-------------------------------------------------------------------+
| Field | Value |
+---------------+-------------------------------------------------------------------+
| action | access_as_external |
| id | 3fc0bc16-685e-431a-8460-85ad5f8c3d96 |
| object_id | 1f2405cd-90ab-439c-9061-e99d9c6c7a35 |
| object_type | network |
| target_tenant | a654338c862f401a8665c3fbed289a75,b0dc258dd3204bf99750589d1ed23996 |
| tenant_id | a654338c862f401a8665c3fbed289a75 |
+---------------+-------------------------------------------------------------------+
$ . keystonerc_tenantA
$ neutron net-list
<---- we should see the network
$
Reproduction:
1. create external network.
2. delete its "access_as_external" rbac policy
3. Create a new rbac policy :
neutron rbac-create EXT_NET_ID --action access_as_external --target-tenant TENANT_ID1,TENANT_ID2 --type network
Version:
Mitaka on thel 7.2
$rpm -qa | grep neutron
python-neutron-lib-0.0.2-1.el7.noarch
openstack-neutron-openvswitch-8.0.0-1.el7.noarch
openstack-neutron-8.0.0-1.el7.noarch
python-neutronclient-4.1.1-2.el7.noarch
python-neutron-8.0.0-1.el7.noarch
openstack-neutron-metering-agent-8.0.0-1.el7.noarch
openstack-neutron-ml2-8.0.0-1.el7.noarch
openstack-neutron-common-8.0.0-1.el7.noarch
packstack installation
All In One |
|
