<div dir="ltr"><span style="font-family:Helvetica;font-size:medium">Hi Folks,</span><br><div class="gmail_quote"><div dir="ltr"><div style="font-size:medium;font-family:Helvetica"><br></div><div style="font-size:medium;font-family:Helvetica">
I'm trying to understand the quantum security model. I've OVS plugin configured with VLAN isolation. </div><div style="font-size:medium;font-family:Helvetica"><br></div><div style="font-size:medium;font-family:Helvetica">
I've a tenant project (alt_demo)</div><div style="font-size:medium;font-family:Helvetica"><br></div><blockquote style="font-size:medium;margin:0px 0px 0px 40px;font-family:Helvetica;padding:0px;border:none">
<div><b>(admin) > keystone tenant-list</b></div><div>+----------------------------------+----------+---------+</div><div>| id | name | enabled |</div><div>+----------------------------------+----------+---------+</div>
<div>| c19f9a2d16b74c3c971dbfbc1afdc687 | admin | True |</div><div>| a37209139af44a8a8a2a8e519e3f8478 | alt_demo | True |</div><div>| 70e910a7296d4a19be4b32d5bcaf3996 | services | True |</div><div>+----------------------------------+----------+---------+</div>
</blockquote><div style="font-size:medium;font-family:Helvetica"><br></div><div style="font-size:medium;font-family:Helvetica">I've a user (alt_demo) who is a 'member' of project alt_demo. (alt_demo is not an admin)</div>
<div style="font-size:medium;font-family:Helvetica"><br></div><blockquote style="font-size:medium;margin:0px 0px 0px 40px;font-family:Helvetica;padding:0px;border:none"><div><b>(admin > keystone user-list</b></div>
<div>+----------------------------------+----------+---------+-------------------+</div><div>| id | name | enabled | email |</div><div>+----------------------------------+----------+---------+-------------------+</div>
<div>| 338a1897720a4be48023a6987c76191d | admin | True | <a href="mailto:test@test.com" target="_blank">test@test.com</a> |</div><div>| c2dc7ac0e8bf4628bc7d3b2fe285793a | alt_demo | True | <a href="mailto:alt_demo@demo.com" target="_blank">alt_demo@demo.com</a> |</div>
<div>| 94936f26d48e481dadacda322fc51858 | cinder | True | cinder@localhost |</div><div>| b7db5ef2f2d849b1a8dfc7f043bf4289 | glance | True | glance@localhost |</div><div>| a42b0ca85f914cf88dc6361da5e08a0c | nova | True | nova@localhost |</div>
<div>| 2f0f85cb85f242c7b9c5f620886b9537 | quantum | True | quantum@localhost |</div><div>+----------------------------------+----------+---------+-------------------+</div></blockquote><div style="font-size:medium;font-family:Helvetica">
<br></div><div style="font-size:medium;font-family:Helvetica">As <b>alt_demo</b>, try to create a network</div><div style="font-size:medium;font-family:Helvetica"><br></div><blockquote style="font-size:medium;margin:0px 0px 0px 40px;font-family:Helvetica;padding:0px;border:none">
<div><b>(alt_demo) > quantum net-create alt-net</b></div><div>Created a new network:</div><div>+-----------------+--------------------------------------+</div><div>| Field | Value |</div>
<div>+-----------------+--------------------------------------+</div><div>| admin_state_up | True |</div><div>| id | c1629dac-91dd-424a-bc82-8b97323f5059 |</div><div>| name | alt-net |</div>
<div>| router:external | False |</div><div>| shared | False |</div><div>| status | ACTIVE |</div><div>| subnets | |</div>
<div>| tenant_id | a37209139af44a8a8a2a8e519e3f8478 |</div><div>+-----------------+--------------------------------------+</div></blockquote><div style="font-size:medium;font-family:Helvetica"><br>
</div><div style="font-size:medium;font-family:Helvetica">Now, the question I've is the user "alt_demo" cannot see the VLAN/provider-network and other details which is very confusing (when the user was able to create the network, he should be able to see details of the network he just created).</div>
<div style="font-size:medium;font-family:Helvetica"><br></div><blockquote style="font-size:medium;margin:0px 0px 0px 40px;font-family:Helvetica;padding:0px;border:none"><div><b>(alt_demo) > quantum net-show alt-net</b></div>
<div>+-----------------+--------------------------------------+</div><div>| Field | Value |</div><div>+-----------------+--------------------------------------+</div><div>| admin_state_up | True |</div>
<div>| id | c1629dac-91dd-424a-bc82-8b97323f5059 |</div><div>| name | alt-net |</div><div>| router:external | False |</div><div>| shared | False |</div>
<div>| status | ACTIVE |</div><div>| subnets | |</div><div>| tenant_id | a37209139af44a8a8a2a8e519e3f8478 |</div><div>+-----------------+--------------------------------------+</div>
</blockquote><div style="font-size:medium;font-family:Helvetica"><br></div><div style="font-size:medium;font-family:Helvetica">Here's what an "admin" user sees :</div><div style="font-size:medium;font-family:Helvetica">
<br></div><blockquote style="font-size:medium;margin:0px 0px 0px 40px;font-family:Helvetica;padding:0px;border:none"><div><b>(admin) > quantum net-show alt-net</b></div><div>+---------------------------+--------------------------------------+</div>
<div>| Field | Value |</div><div>+---------------------------+--------------------------------------+</div><div>| admin_state_up | True |</div>
<div>| id | c1629dac-91dd-424a-bc82-8b97323f5059 |</div><div>| name | alt-net |</div><div>| <b>provider:network_type | vlan</b> |</div>
<div>| <b>provider:physical_network | physnet1</b> |</div><div>| <b>provider:segmentation_id | 46 </b>|</div><div>| router:external | False |</div>
<div>| shared | False |</div><div>| status | ACTIVE |</div><div>| subnets | |</div>
<div>| tenant_id | a37209139af44a8a8a2a8e519e3f8478 |</div><div>+---------------------------+--------------------------------------+</div></blockquote><div style="font-size:medium;font-family:Helvetica">
<br></div><div style="font-size:medium;font-family:Helvetica">Thanks !</div><span class="HOEnZb"><font color="#888888"><div style="font-size:medium;font-family:Helvetica">Prashanth</div></font></span></div>
</div><br></div>