yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #88944
[Bug 1975603] [NEW] Neutron RBAC not sharing subnet
Public bug reported:
TLDR: when trying to add a subnet (from a rbac/shared network) on a
router, neutron is giving error Cannot add interface to router because
subnet xyz is not owned by project making the request.
OpenStack version: victoria
Steps to reproduce:
# from project 31aed5a28b4a402d8b4f335eaccbab69
$ openstack subnet list
...
| e1a5dbb9-a741-4e47-a077-3e17e759cf38 | df-subnet | c01bec75-a583-4425-939e-b5dcc6fc2532 | 192.168.199.0/24 |
...
$ openstack network rbac create --target-project c96f97dea04649968b40c751b421150e --action access_as_shared --type network c01bec75-a583-4425-939e-b5dcc6fc2532
# from project c96f97dea04649968b40c751b421150e
$ openstack subnet list
...
| e1a5dbb9-a741-4e47-a077-3e17e759cf38 | df-subnet | c01bec75-a583-4425-939e-b5dcc6fc2532 | 192.168.199.0/24 |
...
# subnet is visible!
$ openstack router list
+--------------------------------------+------+--------+-------+----------------------------------+
| ID | Name | Status | State | Project |
+--------------------------------------+------+--------+-------+----------------------------------+
| b3510a09-3c6f-4091-b29d-7634550ffe5f | demo | ACTIVE | UP | c96f97dea04649968b40c751b421150e |
+--------------------------------------+------+--------+-------+----------------------------------+
# Now adding the shared subnet in this router:
$ openstack router add subnet demo e1a5dbb9-a741-4e47-a077-3e17e759cf38
BadRequestException: 400: Client Error for url: http://neutron.k8s.opensteak.fr/v2.0/routers/b3510a09-3c6f-4091-b29d-7634550ffe5f/add_router_interface, Bad router request: Cannot add interface to router because subnet e1a5dbb9-a741-4e47-a077-3e17e759cf38 is not owned by project making the request.
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1975603
Title:
Neutron RBAC not sharing subnet
Status in neutron:
New
Bug description:
TLDR: when trying to add a subnet (from a rbac/shared network) on a
router, neutron is giving error Cannot add interface to router because
subnet xyz is not owned by project making the request.
OpenStack version: victoria
Steps to reproduce:
# from project 31aed5a28b4a402d8b4f335eaccbab69
$ openstack subnet list
...
| e1a5dbb9-a741-4e47-a077-3e17e759cf38 | df-subnet | c01bec75-a583-4425-939e-b5dcc6fc2532 | 192.168.199.0/24 |
...
$ openstack network rbac create --target-project c96f97dea04649968b40c751b421150e --action access_as_shared --type network c01bec75-a583-4425-939e-b5dcc6fc2532
# from project c96f97dea04649968b40c751b421150e
$ openstack subnet list
...
| e1a5dbb9-a741-4e47-a077-3e17e759cf38 | df-subnet | c01bec75-a583-4425-939e-b5dcc6fc2532 | 192.168.199.0/24 |
...
# subnet is visible!
$ openstack router list
+--------------------------------------+------+--------+-------+----------------------------------+
| ID | Name | Status | State | Project |
+--------------------------------------+------+--------+-------+----------------------------------+
| b3510a09-3c6f-4091-b29d-7634550ffe5f | demo | ACTIVE | UP | c96f97dea04649968b40c751b421150e |
+--------------------------------------+------+--------+-------+----------------------------------+
# Now adding the shared subnet in this router:
$ openstack router add subnet demo e1a5dbb9-a741-4e47-a077-3e17e759cf38
BadRequestException: 400: Client Error for url: http://neutron.k8s.opensteak.fr/v2.0/routers/b3510a09-3c6f-4091-b29d-7634550ffe5f/add_router_interface, Bad router request: Cannot add interface to router because subnet e1a5dbb9-a741-4e47-a077-3e17e759cf38 is not owned by project making the request.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1975603/+subscriptions
Follow ups
