yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #51432
[Bug 1585082] [NEW] Invalid RBAC policy when providing target-tenant with name
Public bug reported:
When creating a RBAC policy by indicating the name of a target tenant as
follows, the RBAC policy can be created without any errors:
[(keystone_admin)]# neutron rbac-create --type network --action access_as_shared --target-tenant demo demo-rbac
Created a new rbac_policy:
+---------------+--------------------------------------+
| Field | Value |
+---------------+--------------------------------------+
| action | access_as_shared |
| id | 033a7a71-7fd1-468c-b6fc-11ed94848015 |
| object_id | ef0d0910-0a9a-4cd4-b9f0-ab76e9a31478 |
| object_type | network |
| target_tenant | demo |
| tenant_id | cd1d7694e4aa4585b6ac303f089c56e0 |
+---------------+--------------------------------------+
However, if we check the network resource from the target tenant point
of view, the RBAC policy based network cannot be found:
[(keystone_demo)]# neutron net-list
+--------------------------------------+----------+-------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+----------+-------------------------------------------------------+
| afc53e26-85f7-4130-8d93-9d64e79b8d4f | private | 8f436128-ab4f-44ec-8101-d69a88fae67e 10.0.0.0/24 |
| | | 71aaf5a6-0a8a-47cc-89c1-ecc0ad2b2b0f |
| 63ae8ae2-d71f-40a9-b92f-2208ce44c8ab | public | c9aa91b0-5624-4d3e-b418-a0c3f3f0ebd6 |
+--------------------------------------+----------+-------------------------------------------------------+
Therefore, the RBAC policy has been created, but it is not valid for the
target tenant. This should be fixed
** Affects: neutron
Importance: Undecided
Status: New
** Tags: neutron
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1585082
Title:
Invalid RBAC policy when providing target-tenant with name
Status in neutron:
New
Bug description:
When creating a RBAC policy by indicating the name of a target tenant
as follows, the RBAC policy can be created without any errors:
[(keystone_admin)]# neutron rbac-create --type network --action access_as_shared --target-tenant demo demo-rbac
Created a new rbac_policy:
+---------------+--------------------------------------+
| Field | Value |
+---------------+--------------------------------------+
| action | access_as_shared |
| id | 033a7a71-7fd1-468c-b6fc-11ed94848015 |
| object_id | ef0d0910-0a9a-4cd4-b9f0-ab76e9a31478 |
| object_type | network |
| target_tenant | demo |
| tenant_id | cd1d7694e4aa4585b6ac303f089c56e0 |
+---------------+--------------------------------------+
However, if we check the network resource from the target tenant point
of view, the RBAC policy based network cannot be found:
[(keystone_demo)]# neutron net-list
+--------------------------------------+----------+-------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+----------+-------------------------------------------------------+
| afc53e26-85f7-4130-8d93-9d64e79b8d4f | private | 8f436128-ab4f-44ec-8101-d69a88fae67e 10.0.0.0/24 |
| | | 71aaf5a6-0a8a-47cc-89c1-ecc0ad2b2b0f |
| 63ae8ae2-d71f-40a9-b92f-2208ce44c8ab | public | c9aa91b0-5624-4d3e-b418-a0c3f3f0ebd6 |
+--------------------------------------+----------+-------------------------------------------------------+
Therefore, the RBAC policy has been created, but it is not valid for
the target tenant. This should be fixed
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1585082/+subscriptions
Follow ups
