[openstack-dev] Interconnecting projects
Assaf Muller
amuller at redhat.com
Thu Jun 25 16:15:44 UTC 2015
I'll defer to Kevin, the spec author, but you should know that the
implementation is not merged yet.
----- Original Message -----
> Hi Assaf,
>
> Now reading the rbac network specs carefully, I believe it does allow private
> networks to be shared to other tenants by non-admin users.
>
> So the command " neutron rbac create < net - uuid | net - name > -- type
> network -- tenant - id < tenant - uuid > -- action access_a
> s_shared " - can this be only used by an admin ? From the specs, it did not
> seem so.
>
> Also is the action access_as_external available now ?
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Tue, Jun 2, 2015 at 9:14 PM, Assaf Muller < amuller at redhat.com > wrote:
>
>
> Check out:
> http://specs.openstack.org/openstack/neutron-specs/specs/liberty/rbac-networks.html
> If I understand correctly, what Anik is probably asking for is way to connect
> two OpenStack projects together from a network point of view, where a
> private network in Project1 can be connected to a Router in Project2. AFAIK,
> I don't think we are planning to expose such model in RBAC where a tenant
> (non-admin) has a way control who can see/connect-to his/her resources.
>
> @Anik, please correct me if I am wrong.
>
>
>
>
> Kevin is trying to solve exactly this problem. We're really hoping to land it
> in
> time for Liberty.
>
> ----- Original Message -----
> > Hi,
> >
> > Trying to understand if somebody has come across the following scenario:
> >
> > I have a two projects: Project 1 and Project 2
> >
> > I have a neutron private network in Project 1, that I want to connect that
> > private network to a neutron port in Project 2.
> >
> > This does not seem to be possible without using admin credentials. I am not
> > talking about a shared provider network here.
> >
> > It seems that the problem lies in the fact that there is no data model
> > today
> > that lets one Project have knowledge about any other Project inside the
> > same
> > OpenStack region.
> >
> > Any pointers there will be helpful.
> > Regards,
> > Anik
>
> >
> > __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> >
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
More information about the OpenStack-dev
mailing list