[openstack-dev] Interconnecting projects

Kevin Benton kevinbenton at buttewifi.com
Thu Jun 25 19:13:34 UTC 2015


Hi, creating rbac entries by non-admins will be controlled by policy.json.
So you can enable it or disable it there.

> Also is the action access_as_external available now ?

Not yet. The code is still under review.

On Thu, Jun 25, 2015 at 10:15 AM, Assaf Muller <amuller at redhat.com> wrote:

> I'll defer to Kevin, the spec author, but you should know that the
> implementation is not merged yet.
>
> ----- Original Message -----
> > Hi Assaf,
> >
> > Now reading the rbac network specs carefully, I believe it does allow
> private
> > networks to be shared to other tenants by non-admin users.
> >
> > So the command " neutron rbac create < net - uuid | net - name > -- type
> > network -- tenant - id < tenant - uuid > -- action access_a
> > s_shared " - can this be only used by an admin ? From the specs, it did
> not
> > seem so.
> >
> > Also is the action access_as_external available now ?
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > On Tue, Jun 2, 2015 at 9:14 PM, Assaf Muller < amuller at redhat.com >
> wrote:
> >
> >
> > Check out:
> >
> http://specs.openstack.org/openstack/neutron-specs/specs/liberty/rbac-networks.html
> > If I understand correctly, what Anik is probably asking for is way to
> connect
> > two OpenStack projects together from a network point of view, where a
> > private network in Project1 can be connected to a Router in Project2.
> AFAIK,
> > I don't think we are planning to expose such model in RBAC where a tenant
> > (non-admin) has a way control who can see/connect-to his/her resources.
> >
> > @Anik, please correct me if I am wrong.
> >
> >
> >
> >
> > Kevin is trying to solve exactly this problem. We're really hoping to
> land it
> > in
> > time for Liberty.
> >
> > ----- Original Message -----
> > > Hi,
> > >
> > > Trying to understand if somebody has come across the following
> scenario:
> > >
> > > I have a two projects: Project 1 and Project 2
> > >
> > > I have a neutron private network in Project 1, that I want to connect
> that
> > > private network to a neutron port in Project 2.
> > >
> > > This does not seem to be possible without using admin credentials. I
> am not
> > > talking about a shared provider network here.
> > >
> > > It seems that the problem lies in the fact that there is no data model
> > > today
> > > that lets one Project have knowledge about any other Project inside the
> > > same
> > > OpenStack region.
> > >
> > > Any pointers there will be helpful.
> > > Regards,
> > > Anik
> >
> > >
> > >
> __________________________________________________________________________
> > > OpenStack Development Mailing List (not for usage questions)
> > > Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >
> >
> > >
> >
> >
> __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >
> >
> >
> >
> >
> __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >
> >
> >
> >
> >
> __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150625/73219143/attachment.html>


More information about the OpenStack-dev mailing list