neutron

[rfe] Add RBAC support for address scopes

Bug #1862968 reported by Igor Malinovskiy on 2020-02-12

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Wishlist	Igor Malinovskiy

Bug Description

Currently, RBAC for address scopes is missing in Neutron but it will valuable feature for cloud administrators.

This feature is required to add RBAC support for SNP. AS can be assigned to SNP and an administrator should be able to share SNP to the target project only if the target project has access to appropriate AS.

Adds "address_scopes" as a supported RBAC type:

Neutron-lib:
https://review.opendev.org/#/c/707407/

Neutron:
https://review.opendev.org/#/c/709122/

Tempest tests:
TBD

Client:
https://review.opendev.org/#/c/709124/

See original description

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-02-12: Fix proposed to neutron-lib (master)

Fix proposed to branch: master
Review: https://review.opendev.org/707407

Changed in neutron:
assignee:	nobody → Igor Malinovskiy (imalinovskiy)
status:	New → In Progress

Akihiro Motoki (amotoki) on 2020-02-17

Changed in neutron:
importance:	Undecided → Wishlist

Revision history for this message

Akihiro Motoki (amotoki) wrote on 2020-02-17:

It looks straight-forward and makes sense to me. It is related to bug 1862032 which proposes RBAC for subnet pools.
Address pools need to be configured properly before creating subnet pools, so I think these two are tightly coupled and worth discussing together.

tags:

added: rfe-confirmed

Revision history for this message

Akihiro Motoki (amotoki) wrote on 2020-02-17:

I am changing this to rfe-triaged as I think we can discuss it along with bug 1862032 "RBAC for subnet pools"

tags:

added: rfe-triaged
removed: rfe-confirmed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-02-21: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/709122

Igor Malinovskiy (imalinovskiy) on 2020-02-21

description:

updated

Revision history for this message

Slawek Kaplonski (slaweq) wrote on 2020-02-21:

On the drivers meeting we decided to approve this RFE together with https://bugs.launchpad.net/neutron/+bug/1862032
We will likely see proposed spec which will describe in more details relationship between those 2 RFEs before going with implementation of it.

tags:

added: rfe-approved
removed: rfe-triaged

Igor Malinovskiy (imalinovskiy) on 2020-02-24

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-02-28: Fix merged to neutron-lib (master)

Reviewed: https://review.opendev.org/707407
Committed: https://git.openstack.org/cgit/openstack/neutron-lib/commit/?id=1dfa07ccfd81d21e5e03fdfbd5cdf871f9a17d01
Submitter: Zuul
Branch: master

commit 1dfa07ccfd81d21e5e03fdfbd5cdf871f9a17d01
Author: Igor Malinovskiy <email address hidden>
Date: Wed Feb 12 17:21:18 2020 +0200

Introduce rbac-address-scope api extension

This extension makes it possible to add address scope to RBAC policies.

Change-Id: I9c77a53cf8d91d27ce1aaebfa12c31f2ae823006
Partial-Bug: #1862968

Slawek Kaplonski (slaweq) on 2020-02-28

tags:

removed: rfe

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-03-06: Fix proposed to neutron-tempest-plugin (master)

Fix proposed to branch: master
Review: https://review.opendev.org/711610

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-03-12:

Fix proposed to branch: master
Review: https://review.opendev.org/712633

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-02: Fix merged to neutron-tempest-plugin (master)

Reviewed: https://review.opendev.org/712633
Committed: https://git.openstack.org/cgit/openstack/neutron-tempest-plugin/commit/?id=a33bd6ee1feb7e23a9333ebba3a88e886bed1b78
Submitter: Zuul
Branch: master

commit a33bd6ee1feb7e23a9333ebba3a88e886bed1b78
Author: Igor Malinovskiy <email address hidden>
Date: Thu Mar 12 11:59:27 2020 +0200

Disable negative subnetpool test

Temporary disable negative test that forbids assigning
shared address scope to subnet pool for tenant users.

Change-Id: I13dd36b3364b7a0f3241efa6ba5f8c3b2246f167
Partial-Bug: #1862968

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-06: Fix merged to neutron (master)

#10

Reviewed: https://review.opendev.org/709122
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=eb6104c0ac61216234ea958f2fd322e70b8e4bec
Submitter: Zuul
Branch: master

commit eb6104c0ac61216234ea958f2fd322e70b8e4bec
Author: Igor Malinovskiy <email address hidden>
Date: Mon Feb 17 15:01:28 2020 +0200

Allow sharing of address scopes via RBAC mechanism

    Neutron-lib api ref: https://review.opendev.org/#/c/707407/
    Client: https://review.opendev.org/#/c/709124/
    Tempest tests: https://review.opendev.org/#/c/711610/

    Change-Id: I74bedae4de4eb25e5427ecb129543885a020a0a8
    Depends-On: https://review.opendev.org/712633
    Partial-Bug: #1862968
    Closes-Bug: #1697925

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-15: Fix merged to neutron-tempest-plugin (master)

#11

Reviewed: https://review.opendev.org/711610
Committed: https://git.openstack.org/cgit/openstack/neutron-tempest-plugin/commit/?id=b80f1d0be3b0d3365fc01d0774a9e3357b339630
Submitter: Zuul
Branch: master

commit b80f1d0be3b0d3365fc01d0774a9e3357b339630
Author: Igor Malinovskiy <email address hidden>
Date: Fri Mar 6 13:39:52 2020 +0200

Add tempest api tests for address scopes RBAC

    Change-Id: I0a625019ab7495a71125edbd37d9005a4675b86b
    Partial-Bug: #1862968
    Depends-On: https://review.opendev.org/709122

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-15: Related fix proposed to neutron (master)

#12

Related fix proposed to branch: master
Review: https://review.opendev.org/720248

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-04-16: Related fix merged to neutron (master)

#13

Reviewed: https://review.opendev.org/720248
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=8d85b356293d2a5f702523dfc0d21039abdd84fc
Submitter: Zuul
Branch: master

commit 8d85b356293d2a5f702523dfc0d21039abdd84fc
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Wed Apr 15 17:29:04 2020 +0000

Add "rbac-address-scope" to OVN supported extensions

Change-Id: I938f9bca3e0477819a07cdb600facd2ebbae40be
Related-Bug: #1862968

Slawek Kaplonski (slaweq) on 2022-02-23

Changed in neutron:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1697925

You are

Subscribing...

Edit bug mail

Other bug subscribers

Related blueprints

Add RBAC support for address scopes and subnet pools

Remote bug watches

Bug watches keep track of this bug in other bug trackers.