[openstack-dev] Interconnecting projects

Assaf Muller amuller at redhat.com
Thu Jun 25 16:15:44 UTC 2015


I'll defer to Kevin, the spec author, but you should know that the
implementation is not merged yet.

----- Original Message -----
> Hi Assaf,
> 
> Now reading the rbac network specs carefully, I believe it does allow private
> networks to be shared to other tenants by non-admin users.
> 
> So the command " neutron rbac create < net - uuid | net - name > -- type
> network -- tenant - id < tenant - uuid > -- action access_a
> s_shared " - can this be only used by an admin ? From the specs, it did not
> seem so.
> 
> Also is the action access_as_external available now ?
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> On Tue, Jun 2, 2015 at 9:14 PM, Assaf Muller < amuller at redhat.com > wrote:
> 
> 
> Check out:
> http://specs.openstack.org/openstack/neutron-specs/specs/liberty/rbac-networks.html
> If I understand correctly, what Anik is probably asking for is way to connect
> two OpenStack projects together from a network point of view, where a
> private network in Project1 can be connected to a Router in Project2. AFAIK,
> I don't think we are planning to expose such model in RBAC where a tenant
> (non-admin) has a way control who can see/connect-to his/her resources.
> 
> @Anik, please correct me if I am wrong.
> 
> 
> 
> 
> Kevin is trying to solve exactly this problem. We're really hoping to land it
> in
> time for Liberty.
> 
> ----- Original Message -----
> > Hi,
> > 
> > Trying to understand if somebody has come across the following scenario:
> > 
> > I have a two projects: Project 1 and Project 2
> > 
> > I have a neutron private network in Project 1, that I want to connect that
> > private network to a neutron port in Project 2.
> > 
> > This does not seem to be possible without using admin credentials. I am not
> > talking about a shared provider network here.
> > 
> > It seems that the problem lies in the fact that there is no data model
> > today
> > that lets one Project have knowledge about any other Project inside the
> > same
> > OpenStack region.
> > 
> > Any pointers there will be helpful.
> > Regards,
> > Anik
> 
> > 
> > __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> 
> 
> > 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> 
> 
> 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> 
> 
> 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 



More information about the OpenStack-dev mailing list