<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px"><div id="yui_3_16_0_1_1435070317715_5871"><span>Hi Assaf,</span></div><div id="yui_3_16_0_1_1435070317715_5871"><span><br></span></div><div id="yui_3_16_0_1_1435070317715_5871"><span id="yui_3_16_0_1_1435070317715_5986">Now reading the rbac network specs carefully, I believe it does allow private networks to be shared to other tenants by non-admin users. </span></div><div id="yui_3_16_0_1_1435070317715_5871"><span><br></span></div><div id="yui_3_16_0_1_1435070317715_5871"><span class="" style="" id="yui_3_16_0_1_1435070317715_9076">So the command "</span><span class="" style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);" id="yui_3_16_0_1_1435070317715_9157">neutron rbac create </span><span class="" style="color: rgb(102, 102, 0); font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);"><</span><span class="" style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);" id="yui_3_16_0_1_1435070317715_9160">net</span><span class="" style="color: rgb(102, 102, 0); font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);" id="yui_3_16_0_1_1435070317715_9161">-</span><span class="" style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);" id="yui_3_16_0_1_1435070317715_9162">uuid</span><span class="" style="color: rgb(102, 102, 0); font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);">|</span><span class="" style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);" id="yui_3_16_0_1_1435070317715_9183">net</span><span class="" style="color: rgb(102, 102, 0); font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);">-</span><span class="" style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);">name</span><span class="" style="color: rgb(102, 102, 0); font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);">></span><span class="" style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);"> </span><span class="" style="color: rgb(102, 102, 0); font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);">--</span><span class="" style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);" id="yui_3_16_0_1_1435070317715_9185">type network </span><span class="" style="color: rgb(102, 102, 0); font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);" id="yui_3_16_0_1_1435070317715_9186">--</span><span class="" style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);" id="yui_3_16_0_1_1435070317715_9187">tenant</span><span class="" style="color: rgb(102, 102, 0); font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);">-</span><span class="" style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);">id </span><span class="" style="color: rgb(102, 102, 0); font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);"><</span><span class="" style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);">tenant</span><span class="" style="color: rgb(102, 102, 0); font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);">-</span><span class="" style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);">uuid</span><span class="" style="color: rgb(102, 102, 0); font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);">></span><span class="" style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);"> </span><span class="" style="color: rgb(102, 102, 0); font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);">--</span><span class="" style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);">action access_a</span></div><div id="yui_3_16_0_1_1435070317715_5871" dir="ltr" class="" style=""><span style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);" class="" id="yui_3_16_0_1_1435070317715_9078">s_shared</span><span id="yui_3_16_0_1_1435070317715_9077">" - can this be only used by an admin ? From the specs, it did not seem so. </span></div><div id="yui_3_16_0_1_1435070317715_5871"><span><br></span></div><div id="yui_3_16_0_1_1435070317715_5871" dir="ltr"><span id="yui_3_16_0_1_1435070317715_9102" class="" style="">Also is the action </span><span style="font-family: monospace; font-size: 12px; white-space: pre; background-color: rgb(221, 255, 221);" class="" id="yui_3_16_0_1_1435070317715_9154">access_as_external</span> available now ?</div><div class="signature" id="yui_3_16_0_1_1435070317715_5873">  <div id="yui_3_16_0_1_1435070317715_5991"><br></div></div><br>  <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 13px;" id="yui_3_16_0_1_1435070317715_5877"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_1_1435070317715_5876"> <div dir="ltr" id="yui_3_16_0_1_1435070317715_5875"> </div><div class="y_msg_container" id="yui_3_16_0_1_1435070317715_5878"><div id="yiv9384624905"><div id="yui_3_16_0_1_1435070317715_5881"><div dir="ltr" id="yui_3_16_0_1_1435070317715_5880"><div id="yui_3_16_0_1_1435070317715_5936"><div class="yiv9384624905gmail_extra" id="yui_3_16_0_1_1435070317715_5935"><div class="yiv9384624905gmail_quote" id="yui_3_16_0_1_1435070317715_5934"><blockquote class="yiv9384624905gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;" id="yui_3_16_0_1_1435070317715_5933"><div class="qtdSeparateBR"><br><br></div><div class="yiv9384624905yqt5991555734" id="yiv9384624905yqt20421"><div dir="ltr" id="yui_3_16_0_1_1435070317715_5932"><div id="yui_3_16_0_1_1435070317715_5931"><div class="yiv9384624905gmail_extra" id="yui_3_16_0_1_1435070317715_5930"><div class="yiv9384624905gmail_quote" id="yui_3_16_0_1_1435070317715_5929"><blockquote class="yiv9384624905gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;" id="yui_3_16_0_1_1435070317715_5928"><div id="yui_3_16_0_1_1435070317715_5927"><div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;" id="yui_3_16_0_1_1435070317715_5926"><div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px;" id="yui_3_16_0_1_1435070317715_5925"><div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;" id="yui_3_16_0_1_1435070317715_5924"><div id="yui_3_16_0_1_1435070317715_5939"><div dir="ltr" id="yui_3_16_0_1_1435070317715_5938"><font face="Arial" size="2" id="yui_3_16_0_1_1435070317715_5937"><br clear="none"> </font> </div></div><div id="yui_3_16_0_1_1435070317715_5923"><div class="yiv9384624905h5" id="yui_3_16_0_1_1435070317715_5922"><div id="yui_3_16_0_1_1435070317715_5921"><div id="yui_3_16_0_1_1435070317715_5920"> <div id="yui_3_16_0_1_1435070317715_5919"><br clear="none"><div id="yui_3_16_0_1_1435070317715_5918"><div id="yui_3_16_0_1_1435070317715_5917"><div dir="ltr" id="yui_3_16_0_1_1435070317715_5916"><div id="yui_3_16_0_1_1435070317715_5915"><br clear="none"><div id="yui_3_16_0_1_1435070317715_5914">On Tue, Jun 2, 2015 at 9:14 PM, Assaf Muller <span dir="ltr" id="yui_3_16_0_1_1435070317715_8938"><<a rel="nofollow" shape="rect" ymailto="mailto:amuller@redhat.com" target="_blank" href="mailto:amuller@redhat.com" id="yui_3_16_0_1_1435070317715_8937">amuller@redhat.com</a>></span> wrote:<br clear="none"><blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;" id="yui_3_16_0_1_1435070317715_5913">Check out:<br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="http://specs.openstack.org/openstack/neutron-specs/specs/liberty/rbac-networks.html" id="yui_3_16_0_1_1435070317715_5912">http://specs.openstack.org/openstack/neutron-specs/specs/liberty/rbac-networks.html</a></blockquote><div id="yui_3_16_0_1_1435070317715_5957">If I understand correctly, what Anik is probably asking for is way to connect two OpenStack projects together from a network point of view, where a private network in Project1 can be connected to a Router in  Project2. AFAIK, I don't think we are planning to expose such model in RBAC where a tenant (non-admin) has a way control who can see/connect-to his/her resources.</div><div id="yui_3_16_0_1_1435070317715_8942"><br clear="none"></div><div id="yui_3_16_0_1_1435070317715_8939">@Anik, please correct me if I am wrong. </div><blockquote style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;" id="yui_3_16_0_1_1435070317715_5987"><br clear="none">
<br clear="none">
Kevin is trying to solve exactly this problem. We're really hoping to land it in<br clear="none">
time for Liberty.<br clear="none">
<br clear="none">
----- Original Message -----<br clear="none">
> Hi,<br clear="none">
><br clear="none">
> Trying to understand if somebody has come across the following scenario:<br clear="none">
><br clear="none">
> I have a two projects: Project 1 and Project 2<br clear="none">
><br clear="none">
> I have a neutron private network in Project 1, that I want to connect that<br clear="none">
> private network to a neutron port in Project 2.<br clear="none">
><br clear="none">
> This does not seem to be possible without using admin credentials. I am not<br clear="none">
> talking about a shared provider network here.<br clear="none">
><br clear="none">
> It seems that the problem lies in the fact that there is no data model today<br clear="none">
> that lets one Project have knowledge about any other Project inside the same<br clear="none">
> OpenStack region.<br clear="none">
><br clear="none">
> Any pointers there will be helpful.<br clear="none">
> Regards,<br clear="none">
> Anik<br clear="none"><br clear="none">
><br clear="none">
> __________________________________________________________________________<br clear="none">
> OpenStack Development Mailing List (not for usage questions)<br clear="none">
> Unsubscribe: <a rel="nofollow" shape="rect" target="_blank" href="http://OpenStack-dev-request@lists.openstack.org/?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br clear="none">
> <a rel="nofollow" shape="rect" target="_blank" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" id="yui_3_16_0_1_1435070317715_9240">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><div id="yui_3_16_0_1_1435070317715_9239"><br clear="none"><br clear="none"></div><div id="yui_3_16_0_1_1435070317715_9238"><br clear="none">
><br clear="none">
<br clear="none">
__________________________________________________________________________<br clear="none">
OpenStack Development Mailing List (not for usage questions)<br clear="none">
Unsubscribe: <a rel="nofollow" shape="rect" target="_blank" href="http://OpenStack-dev-request@lists.openstack.org/?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br clear="none">
</div></blockquote></div><div><br clear="none"></div></div></div></div></div><br clear="none"><br clear="none"></div> </div></div></div></div></div> </div>  </div></div></blockquote></div><br clear="none"></div></div></div></div>
<br clear="none">__________________________________________________________________________<br clear="none">
OpenStack Development Mailing List (not for usage questions)<br clear="none">
Unsubscribe: <a rel="nofollow" shape="rect" target="_blank" href="http://OpenStack-dev-request@lists.openstack.org/?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br clear="none">
<br clear="none"></blockquote></div><br clear="none"></div></div></div></div></div><br><br></div> </div> </div>  </div></body></html>