yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #50111
[Bug 1577100] [NEW] RBAC "Access_as_external" policy update
Public bug reported:
I was trying update "target_tenant" field in the existing RBAC policy,
The policy is "access_as_external" policy.
On an admin tenant, with an admin user, I created an external network.
This automatically creates and "access_as_external" action RBAC policy
with "*" value for "target_tenant" attribute.
+---------------+--------------------------------------+
| Field | Value |
+---------------+--------------------------------------+
| action | access_as_external |
| id | f09399eb-1829-4675-8155-4972b4378b9c |
| object_id | 0ff86006-8d7d-4e9b-ba11-960c7ff50dae |
| object_type | network |
| target_tenant | * |
| tenant_id | a654338c862f401a8665c3fbed289a75 |
+---------------+--------------------------------------+
I wanted to update the RBAC policy but encountered the following error:
"neutron rbac-update f09399eb-1829-4675-8155-4972b4378b9c --target_tenant a654338c862f401a8665c3fbed289a75
RBAC policy on object 0ff86006-8d7d-4e9b-ba11-960c7ff50dae cannot be removed because other objects depend on it.
Details: Callback neutron.plugins.ml2.plugin.Ml2Plugin._validate_ext_not_in_use_by_tenant failed with "'policy_tenant'"
Neutron server returns request_ids: ['req-218d22bd-f484-41e3-9908-798bb93ae149']"
The external network is not in use by any router/or any other object.
Reproduction steps:
Create a network with " router:external" attribute ( external network)
See rbac policy list and show the existing rbac policy for the external network (see object_id = network_id)
execute "neutron rbac-update RBACPOLICYID --target_tenant DESIRED_TENANT_ID"
Version:
MITAKA on rhel 7.2
AllInOne environment. (packstack installation)
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1577100
Title:
RBAC "Access_as_external" policy update
Status in neutron:
New
Bug description:
I was trying update "target_tenant" field in the existing RBAC policy,
The policy is "access_as_external" policy.
On an admin tenant, with an admin user, I created an external
network. This automatically creates and "access_as_external" action
RBAC policy with "*" value for "target_tenant" attribute.
+---------------+--------------------------------------+
| Field | Value |
+---------------+--------------------------------------+
| action | access_as_external |
| id | f09399eb-1829-4675-8155-4972b4378b9c |
| object_id | 0ff86006-8d7d-4e9b-ba11-960c7ff50dae |
| object_type | network |
| target_tenant | * |
| tenant_id | a654338c862f401a8665c3fbed289a75 |
+---------------+--------------------------------------+
I wanted to update the RBAC policy but encountered the following error:
"neutron rbac-update f09399eb-1829-4675-8155-4972b4378b9c --target_tenant a654338c862f401a8665c3fbed289a75
RBAC policy on object 0ff86006-8d7d-4e9b-ba11-960c7ff50dae cannot be removed because other objects depend on it.
Details: Callback neutron.plugins.ml2.plugin.Ml2Plugin._validate_ext_not_in_use_by_tenant failed with "'policy_tenant'"
Neutron server returns request_ids: ['req-218d22bd-f484-41e3-9908-798bb93ae149']"
The external network is not in use by any router/or any other object.
Reproduction steps:
Create a network with " router:external" attribute ( external network)
See rbac policy list and show the existing rbac policy for the external network (see object_id = network_id)
execute "neutron rbac-update RBACPOLICYID --target_tenant DESIRED_TENANT_ID"
Version:
MITAKA on rhel 7.2
AllInOne environment. (packstack installation)
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1577100/+subscriptions
Follow ups
