yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1585082] Re: Invalid RBAC policy when providing target-tenant with name

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1585082@xxxxxxxxxxxxxxxxxx>
Date: Sat, 15 Apr 2017 04:17:30 -0000
Reply-to: Bug 1585082 <1585082@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1585082

Title:
  Invalid RBAC policy when providing target-tenant with name

Status in neutron:
  Expired

Bug description:
  When creating a RBAC policy by indicating the name of a target tenant
  as follows, the RBAC policy can be created without any errors:

  [(keystone_admin)]# neutron rbac-create --type network --action access_as_shared --target-tenant demo demo-rbac
  Created a new rbac_policy:
  +---------------+--------------------------------------+
  | Field         | Value                                |
  +---------------+--------------------------------------+
  | action        | access_as_shared                     |
  | id            | 033a7a71-7fd1-468c-b6fc-11ed94848015 |
  | object_id     | ef0d0910-0a9a-4cd4-b9f0-ab76e9a31478 |
  | object_type   | network                              |
  | target_tenant | demo                                 |
  | tenant_id     | cd1d7694e4aa4585b6ac303f089c56e0     |
  +---------------+--------------------------------------+

  However, if we check the network resource from the target tenant point
  of view, the RBAC policy based network cannot be found:

  [(keystone_demo)]# neutron net-list
  +--------------------------------------+----------+-------------------------------------------------------+
  | id                                   | name     | subnets                                               |
  +--------------------------------------+----------+-------------------------------------------------------+
  | afc53e26-85f7-4130-8d93-9d64e79b8d4f | private  | 8f436128-ab4f-44ec-8101-d69a88fae67e 10.0.0.0/24      |
  |                                      |          | 71aaf5a6-0a8a-47cc-89c1-ecc0ad2b2b0f                  |
  | 63ae8ae2-d71f-40a9-b92f-2208ce44c8ab | public   | c9aa91b0-5624-4d3e-b418-a0c3f3f0ebd6                  |
  +--------------------------------------+----------+-------------------------------------------------------+

  Therefore, the RBAC policy has been created, but it is not valid for
  the target tenant.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1585082/+subscriptions

References

[Bug 1585082] [NEW] Invalid RBAC policy when providing target-tenant with name
From: Han Chao, 2016-05-24