[victoria][ops][horizon][neutron] Network not available to use by Members in Horizon

DHilsbos at performair.com DHilsbos at performair.com
Mon Aug 16 16:31:25 UTC 2021


All;

Thank you for your responses.  I probably should have mentioned that the network in question is an external, provider network.

Some additional Googling indicated that such networks get an RBAC rule (use-as-external) which limits what non-admins can do with them, even against the "owning" project.  I added a countering RBAC rule (use-as-shared) which targets only the project in question, and that resolved the observer issues.

Thank you,

Dominic L. Hilsbos, MBA
Vice President – Information Technology
Perform Air International Inc.
DHilsbos at PerformAir.com
www.PerformAir.com


-----Original Message-----
From: Slawek Kaplonski [mailto:skaplons at redhat.com] 
Sent: Monday, August 16, 2021 12:53 AM
To: openstack-discuss at lists.openstack.org
Cc: Dominic Hilsbos
Subject: Re: [victoria][ops][horizon][neutron] Network not available to use by Members in Horizon

Hi,

On piątek, 13 sierpnia 2021 18:25:03 CEST DHilsbos at performair.com wrote:
> All;
> 
> We just discovered, this morning, that Members of one of our projects 
> can't see the project's network, in order to use it in Instance 
> creation.  If an Administrator creates a Port, the Member user can 
> then use it to create an Instance.
> 
> Most of our activity to this point has been by Administrators, this is 
> the first time we've opened a project up to users with the Member level.
> 
> Is this expected behavior?

Please check what project is owner of the network and how are Your policies configured. By default owner (project) of the network should always see it and be able to create port in own network.

> 
> Thank you,
> 
> Dominic L. Hilsbos, MBA
> Vice President - Information Technology Perform Air International Inc.
> DHilsbos at PerformAir.com
> www.PerformAir.com


--
Slawek Kaplonski
Principal Software Engineer
Red Hat


More information about the openstack-discuss mailing list