neutron

[rfe] Add RBAC for subnet pools

Bug #1862032 reported by Igor Malinovskiy on 2020-02-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Undecided	Igor Malinovskiy

Bug Description

Currently, RBAC for subnet pool is missing in Neutron but it will valuable feature for cloud administrators.

This feature depends on RBAC support for AS.
When SNP is shared via RBAC policy to a target project, we should check that the target project has permissions to appropriate AS.

Adds "subnetpool" as a supported RBAC type:

Neutron-lib:
https://review.opendev.org/#/c/705998

Neutron:
WIP

Tempest tests:
TBD

Client:
TBD

See original description

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-02-05: Fix proposed to neutron-lib (master)

Fix proposed to branch: master
Review: https://review.opendev.org/705998

Changed in neutron:
assignee:	nobody → Igor Malinovskiy (imalinovskiy)
status:	New → In Progress

Igor Malinovskiy (imalinovskiy) on 2020-02-05

summary:	- Add RBAC for subnet pools + [rfe] Add RBAC for subnet pools
description:	updated

Revision history for this message

Lajos Katona (lajos-katona) wrote on 2020-02-07:

This should be a topic for the driver's meeting as this is an rfe

Revision history for this message

Slawek Kaplonski (slaweq) wrote on 2020-02-14:

Hi,

I will add this RFE to the agenda of our next drivers meeting: http://eavesdrop.openstack.org/#Neutron_drivers_Meeting - so it would be great if You could join there if there would be any additional questions. But RFE should be discussed even if You will not be able to attend this meeting.

tags:

added: rfe-triaged

Revision history for this message

Akihiro Motoki (amotoki) wrote on 2020-02-17:

RBAC for address scope is proposed in bug 1862968.
Address scope and subnet pool are related things, so I think both are worth discussing together.

Revision history for this message

Slawek Kaplonski (slaweq) wrote on 2020-02-21:

On the drivers meeting we decided to approve this RFE together with https://bugs.launchpad.net/neutron/+bug/1862968
We will likely see proposed spec which will describe in more details relationship between those 2 RFEs before going with implementation of it.

tags:

added: rfe-approved
removed: rfe-triaged

Igor Malinovskiy (imalinovskiy) on 2020-02-24

description:

updated

Slawek Kaplonski (slaweq) on 2020-02-28

tags:

removed: rfe

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-03-02: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/710755

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-03-02: Fix merged to neutron-lib (master)

Reviewed: https://review.opendev.org/705998
Committed: https://git.openstack.org/cgit/openstack/neutron-lib/commit/?id=ae5eb24c78bddb0b7be89b47b6ca49965f20ff73
Submitter: Zuul
Branch: master

commit ae5eb24c78bddb0b7be89b47b6ca49965f20ff73
Author: Igor Malinovskiy <email address hidden>
Date: Wed Feb 5 17:50:47 2020 +0200

Introduce rbac-subnetpool api extension

This extension makes it possible to add subnetpools to RBAC policies.

    Change-Id: I1238430c40fe7132bad4eea573a638c0c47a5e78
    Depends-On: https://review.openstack.org/707407
    Partial-Bug: #1862032

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-03-06: Fix proposed to neutron-tempest-plugin (master)

Fix proposed to branch: master
Review: https://review.opendev.org/711656

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-12: Fix merged to neutron (master)

Reviewed: https://review.opendev.org/710755
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=56b971bb42c69ea6865bed9b5fbc4ff372af0027
Submitter: Zuul
Branch: master

commit 56b971bb42c69ea6865bed9b5fbc4ff372af0027
Author: Igor Malinovskiy <email address hidden>
Date: Mon Feb 10 17:20:36 2020 +0200

Allow sharing of subnet pools via RBAC mechanism

    Neutron-lib api ref: https://review.opendev.org/705998/
    Client: https://review.opendev.org/#/c/712705/
    Tempest tests: https://review.opendev.org/#/c/711656/

    Change-Id: I1d6125513cd8cb088b84c92497866f78955019a9
    Partial-Bug: #1862032
    Depends-On: https://review.opendev.org/709122

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-14: Fix merged to neutron-tempest-plugin (master)

#10

Reviewed: https://review.opendev.org/711656
Committed: https://git.openstack.org/cgit/openstack/neutron-tempest-plugin/commit/?id=649c018b3e7998e796ca9d8ac8624664b8f03f98
Submitter: Zuul
Branch: master

commit 649c018b3e7998e796ca9d8ac8624664b8f03f98
Author: Igor Malinovskiy <email address hidden>
Date: Fri Mar 6 17:30:47 2020 +0200

Add tempest api tests for subnet pools RBAC

    Change-Id: Ie6e26acd5e9c3acd2ee86a9c354c4a2934aa4bce
    Partial-Bug: #1862032
    Depends-On: https://review.opendev.org/#/c/710755/

Bernard Cafarelli (bcafarel) on 2020-04-21

tags:

added: neutron-proactive-backport-potential

Slawek Kaplonski (slaweq) on 2020-09-04

Changed in neutron:
status:	In Progress → Fix Released
tags:	removed: neutron-proactive-backport-potential

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Related blueprints

Add RBAC support for address scopes and subnet pools

Remote bug watches

Bug watches keep track of this bug in other bug trackers.