[RFE] SG shared through RBAC mechanism can't be used to spawn instances
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
In Progress
|
Medium
|
Hang Yang |
Bug Description
Since some time Security groups can be shared with specific tenants using RBAC mechanism but it's not possible to share SG that way with TARGET-PROJECT and then, as a member or admin in that TARGET-PROJECT spawn vm which will use that SG:
$ openstack server create --image cirros-
/usr/lib/
from cryptography.utils import int_from_bytes
/usr/lib/
from cryptography.utils import int_from_bytes
Error creating server: testsg004
Error creating server
It is like that because nova in https:/
Looking at neutron api-ref https:/
Now the question is - should we relax that filter and return SG which project owns and which are shared with tenant? Or should we add additional flag to API, like "include_shared" which could be used by Nova? Or maybe do You have any other ideas about how to solve that issue?
Changed in neutron: | |
status: | Confirmed → In Progress |
summary: |
- SG shared through RBAC mechanism can't be used to spawn instances + [RFE] SG shared through RBAC mechanism can't be used to spawn instances |
Related fix proposed to branch: master /review. opendev. org/c/openstack /neutron/ +/807878
Review: https:/