yahoo-eng-team team mailing list archive

[Armando Migliaccio <1524231@xxxxxxxxxxxxxxxxxx>]

fwaas v2 [1] has a concept of public attribute that is being used to
share firewall policies etc. I believe RBAC was taken into account but
dismissed for lack of strong use cases that justified the extra layer of
complexity. For this reason, we'll have to reject this for now and
reassess later on, when we have some fwaas concrete to chew on.

[1] https://blueprints.launchpad.net/neutron/+spec/fwaas-api-2.0

** Changed in: neutron
       Status: Confirmed => Won't Fix

** Changed in: neutron
     Assignee: zhaobo (zhaobo6) => (unassigned)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1524231

Title:
  [RFE]Role-based access control for neutron fwaas policies

Status in neutron:
  Won't Fix

Bug description:
  [Existing problem]
  Now, fwaas just contain the 'shared' field, when it is True, it can be fetched by all tenants.  But there is more requirements now, the enterprise who have the strong fw(more legitimate fw-rules/policies) want to share / sell its fw service to some tenants through our cloud system. 

  [Proposal]
  Now neutron can not fulfill this task until import rbac policies in L release. I think we could base on the existing rbac policies  mechanism to extend more resources which may have this application scene.  We could control the fw shared like existing network shared or maybe more cover.

  [What is the enhancement?]
  Share FW more sophisticated  to other specified tenants

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1524231/+subscriptions