[openstack-dev] Interconnecting projects
Anik
anikm99 at yahoo.com
Tue Jun 23 14:48:24 UTC 2015
Hi Assaf,
Now reading the rbac network specs carefully, I believe it does allow private networks to be shared to other tenants by non-admin users.
So the command "neutron rbac create <net-uuid|net-name> --type network --tenant-id <tenant-uuid> --action access_as_shared" - can this be only used by an admin ? From the specs, it did not seem so.
Also is the action access_as_external available now ?
On Tue, Jun 2, 2015 at 9:14 PM, Assaf Muller <amuller at redhat.com> wrote:
Check out:
http://specs.openstack.org/openstack/neutron-specs/specs/liberty/rbac-networks.html
If I understand correctly, what Anik is probably asking for is way to connect two OpenStack projects together from a network point of view, where a private network in Project1 can be connected to a Router in Project2. AFAIK, I don't think we are planning to expose such model in RBAC where a tenant (non-admin) has a way control who can see/connect-to his/her resources.
@Anik, please correct me if I am wrong.
Kevin is trying to solve exactly this problem. We're really hoping to land it in
time for Liberty.
----- Original Message -----
> Hi,
>
> Trying to understand if somebody has come across the following scenario:
>
> I have a two projects: Project 1 and Project 2
>
> I have a neutron private network in Project 1, that I want to connect that
> private network to a neutron port in Project 2.
>
> This does not seem to be possible without using admin credentials. I am not
> talking about a shared provider network here.
>
> It seems that the problem lies in the fact that there is no data model today
> that lets one Project have knowledge about any other Project inside the same
> OpenStack region.
>
> Any pointers there will be helpful.
> Regards,
> Anik
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150623/0181084f/attachment.html>
More information about the OpenStack-dev
mailing list