yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1907843] Re: security groups filtered with tenant_id does not accept rbac

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Slawek Kaplonski <1907843@xxxxxxxxxxxxxxxxxx>
Date: Mon, 14 Dec 2020 11:47:26 -0000
Reply-to: Bug 1907843 <1907843@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I just tested it locally with Openstack CLI client and it works fine:

http://::1:9696 "GET /v2.0/security-groups?fields=id&fields=name&fields=description&fields=project_id&fields=tags HTTP/1.1" 200 341
RESP: [200] Connection: keep-alive Content-Length: 341 Content-Type: application/json Date: Mon, 14 Dec 2020 11:46:03 GMT X-Openstack-Request-Id: req-778a68db-dc59-4323-b5c8-6cccb5475703
RESP BODY: {"security_groups": [{"id": "1fc10a43-4e50-45ef-b82e-7eacc1e76414", "name": "test-rbac", "description": "", "tags": [], "project_id": "90faad0a19974fa39d33a875cb9ba84d"}, {"id": "64e7e48b-09a1-4d7b-86e7-d7bdc8ac4dab", "name": "default", "description": "Default security group", "tags": [], "project_id": "40c8b13e29404b8492c8099df7525a79"}]}
GET call to network for http://[::1]:9696/v2.0/security-groups?fields=id&fields=name&fields=description&fields=project_id&fields=tags used request id req-778a68db-dc59-4323-b5c8-6cccb5475703
+--------------------------------------+-----------+------------------------+----------------------------------+------+
| ID                                   | Name      | Description            | Project                          | Tags |
+--------------------------------------+-----------+------------------------+----------------------------------+------+
| 1fc10a43-4e50-45ef-b82e-7eacc1e76414 | test-rbac |                        | 90faad0a19974fa39d33a875cb9ba84d | []   |
| 64e7e48b-09a1-4d7b-86e7-d7bdc8ac4dab | default   | Default security group | 40c8b13e29404b8492c8099df7525a79 | []   |
+--------------------------------------+-----------+------------------------+----------------------------------+------+

Based on that I think that it isn't Neutron bug but maybe something in
Horizon. I'm marking this bug as Incomplete in Neutron for now and I
will also add Horizon as affected project.

** Also affects: horizon
   Importance: Undecided
       Status: New

** Changed in: neutron
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1907843

Title:
  security groups filtered with tenant_id does not accept rbac

Status in OpenStack Dashboard (Horizon):
  New
Status in neutron:
  Invalid

Bug description:
  Horizon filters security groups on tenant_id, this excludes rbac
  shared security groups from other projects/tenants. Perhaps there
  should be a filter option called tenant_allowed so that horizon can
  filter correctly for all tenants, without losing the ability to filter
  on owner project_id.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1907843/+subscriptions

References

[Bug 1907843] [NEW] security groups filtered with tenant_id does not accept rbac
From: Jesper Schmitz Mouridsen, 2020-12-11