Open Stack

Hi Lars,

By default, networks marked as ‘external’ are visible/usable from all projects, even if shared is False. Ordinary networks (non-external) should not be usable or visible from projects other than the one they’re associated with. Neutron RBAC policies can be used to provide granular visibility to specific projects for both external and non-external networks. If you’re seeing something different, please let us know.

James


From: Lars-Erik Helander <lars-erik.helander at proceranetworks.com>
Date: Thursday, April 6, 2017 at 8:30 AM
To: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
Subject: [Openstack] [openstack] Tenant/Project resource name spaces does not seem to work

If I create networks in a project and define the networks to be non-shared, I still can use these networks from other projects. Not via Horizon but via the Openstack CLI commands (openstack, nova, neutron etc) and via Heat (heat templates may refer to networks in other projects).

Is this how it is supposed to be?
Might I have misconfigured my Openstack in order to get this behaviour, if so any hints on where to look for the settings that causes the current behaviour?

/Lars
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20170406/fa57fe2c/attachment.html>