yahoo-eng-team team mailing list archive

[Miguel Lavalle <miguel@xxxxxxxxxxxx>]

Since this is a questions rather than a bug report, I am flagging it as
invalid

** Changed in: neutron
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1649909

Title:
  Domain-defined RBAC

Status in neutron:
  Invalid

Bug description:
  Hi,

  I want to make an external network visible at a keystone domain-wide
  scope; I try this:

  openstack network rbac create --target-project-domain DOMAIN_ID --action access_as_external --type network NETWORK_ID --target-project '*'
  CommandError: No project with a name or ID of '*' exists.

  Because it use this call to retrieve project:
  http://controller.admin:35357/v3/projects?domain_id=DOMAIN_ID&name=%2A

  RBAC specifications only use domain during rbac creation, domain isn't
  store in db:

  MariaDB [neutron]> desc networkrbacs;
  +---------------+--------------+------+-----+---------+-------+
  | Field         | Type         | Null | Key | Default | Extra |
  +---------------+--------------+------+-----+---------+-------+
  | id            | varchar(36)  | NO   | PRI | NULL    |       |
  | object_id     | varchar(36)  | NO   | MUL | NULL    |       |
  | project_id    | varchar(255) | YES  | MUL | NULL    |       |
  | target_tenant | varchar(255) | NO   |     | NULL    |       |
  | action        | varchar(255) | NO   | MUL | NULL    |       |
  +---------------+--------------+------+-----+---------+-------+

  Two questions:
  1 Is it possible to create an rbac for all projects using CLI ?
  2 Is it planned to use target-project-domain not only at rbac creation but also for filtering target projects ?

  Thanks,

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1649909/+subscriptions