yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1975603] Re: Neutron RBAC not sharing subnet

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1975603@xxxxxxxxxxxxxxxxxx>
Date: Wed, 24 Aug 2022 23:19:56 -0000
Reply-to: Bug 1975603 <1975603@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/c/openstack/neutron/+/843871
Committed: https://opendev.org/openstack/neutron/commit/8619c104b886517266f5b7ae7d19816aa5764dc0
Submitter: "Zuul (22348)"
Branch:    master

commit 8619c104b886517266f5b7ae7d19816aa5764dc0
Author: Arnaud Morin <arnaud.morin@xxxxxxxxxxxx>
Date:   Mon May 30 15:40:45 2022 +0200

    Allow shared net to be added on router
    
    This will subnets from shared networks to be added on routers using:
    $ openstack router add subnet router_id subnet_id
    
    Without this, neutron user must use a multi-router solution, which is
    not convenient at all.
    
    Closes-Bug: #1975603
    Related-Bug: #1757482
    
    Signed-off-by: Arnaud Morin <arnaud.morin@xxxxxxxxxxxx>
    Change-Id: I50f07d41428e57e6bed9be16980a6c605b7d130e


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1975603

Title:
  Neutron RBAC not sharing subnet

Status in neutron:
  Fix Released

Bug description:
  TLDR: when trying to add a subnet (from a rbac/shared network) on a
  router, neutron is giving error Cannot add interface to router because
  subnet xyz is not owned by project making the request.

  
  OpenStack version: victoria

  
  Steps to reproduce:

  
  # from project 31aed5a28b4a402d8b4f335eaccbab69
  $ openstack subnet list
  ...
  | e1a5dbb9-a741-4e47-a077-3e17e759cf38 | df-subnet            | c01bec75-a583-4425-939e-b5dcc6fc2532 | 192.168.199.0/24 |
  ...
  $ openstack network rbac create --target-project c96f97dea04649968b40c751b421150e --action access_as_shared --type network c01bec75-a583-4425-939e-b5dcc6fc2532

  
  # from project c96f97dea04649968b40c751b421150e
  $ openstack subnet list
  ...
  | e1a5dbb9-a741-4e47-a077-3e17e759cf38 | df-subnet            | c01bec75-a583-4425-939e-b5dcc6fc2532 | 192.168.199.0/24 |
  ...
  # subnet is visible!
  $ openstack router list
  +--------------------------------------+------+--------+-------+----------------------------------+
  | ID                                   | Name | Status | State | Project                          |
  +--------------------------------------+------+--------+-------+----------------------------------+
  | b3510a09-3c6f-4091-b29d-7634550ffe5f | demo | ACTIVE | UP    | c96f97dea04649968b40c751b421150e |
  +--------------------------------------+------+--------+-------+----------------------------------+

  # Now adding the shared subnet in this router:
  $ openstack router add subnet demo e1a5dbb9-a741-4e47-a077-3e17e759cf38
  BadRequestException: 400: Client Error for url: http://neutron.k8s.opensteak.fr/v2.0/routers/b3510a09-3c6f-4091-b29d-7634550ffe5f/add_router_interface, Bad router request: Cannot add interface to router because subnet e1a5dbb9-a741-4e47-a077-3e17e759cf38 is not owned by project making the request.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1975603/+subscriptions

References

[Bug 1975603] [NEW] Neutron RBAC not sharing subnet
From: Arnaud Morin, 2022-05-24