Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1339441

Summary: [Docs] [Networking] Document RBAC support for external networks
Product: Red Hat OpenStack Reporter: Andrew Dahms <adahms>
Component: documentationAssignee: Martin Lopes <mlopes>
Status: CLOSED CURRENTRELEASE QA Contact: Deepti Navale <dnavale>
Severity: medium Docs Contact:
Priority: medium    
Version: 9.0 (Mitaka)CC: dnavale, lbopf, mburns, mlopes, nyechiel, srevivo
Target Milestone: gaKeywords: Documentation
Target Release: 9.0 (Mitaka)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-08 02:22:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1325676    
Bug Blocks:    

Description Andrew Dahms 2016-05-25 03:41:12 UTC 
Red Hat OpenStack Platform introduces additional functionality to control access to external networks via the RBAC framework.

From the engineering bug:

"This allows access to external networks to be controlled via the RBAC framework added during Liberty with a new 'access_as_external' action. A migration adds all current external networks to the RBAC policies table with a wildcard indicating that all tenants can access the network as RBAC. Unlike the conversion of shared networks to RBAC, the external table is left in the DB to avoid invasive changes throughout the codebase to calculate the flag relative to the caller. So the current 'external' flag is used throughout the code base as it previously was for wiring up floating IPs, router gateway ports, etc. Then the RBAC entries are only referenced when determining what networks to show the tenants."
Comment 1 Andrew Dahms 2016-05-26 02:55:00 UTC 
Assigning to Martin for review.
Comment 2 Martin Lopes 2016-07-26 01:39:27 UTC 
Dev bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1325676