[openstack-dev] Interconnecting projects

Anik anikm99 at yahoo.com
Tue Jun 23 14:48:24 UTC 2015


Hi Assaf,
Now reading the rbac network specs carefully, I believe it does allow private networks to be shared to other tenants by non-admin users. 
So the command "neutron rbac create <net-uuid|net-name> --type network --tenant-id <tenant-uuid> --action access_as_shared" - can this be only used by an admin ? From the specs, it did not seem so. 
Also is the action access_as_external available now ? 

    




   

On Tue, Jun 2, 2015 at 9:14 PM, Assaf Muller <amuller at redhat.com> wrote:

Check out:
http://specs.openstack.org/openstack/neutron-specs/specs/liberty/rbac-networks.html
If I understand correctly, what Anik is probably asking for is way to connect two OpenStack projects together from a network point of view, where a private network in Project1 can be connected to a Router in  Project2. AFAIK, I don't think we are planning to expose such model in RBAC where a tenant (non-admin) has a way control who can see/connect-to his/her resources.
@Anik, please correct me if I am wrong. 


Kevin is trying to solve exactly this problem. We're really hoping to land it in
time for Liberty.

----- Original Message -----
> Hi,
>
> Trying to understand if somebody has come across the following scenario:
>
> I have a two projects: Project 1 and Project 2
>
> I have a neutron private network in Project 1, that I want to connect that
> private network to a neutron port in Project 2.
>
> This does not seem to be possible without using admin credentials. I am not
> talking about a shared provider network here.
>
> It seems that the problem lies in the fact that there is no data model today
> that lets one Project have knowledge about any other Project inside the same
> OpenStack region.
>
> Any pointers there will be helpful.
> Regards,
> Anik

>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


>

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




   


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev





  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150623/0181084f/attachment.html>


More information about the OpenStack-dev mailing list