Bug 1400993

Summary: [RFE] Allow RBAC options for subnets of an external network
Product: Red Hat OpenStack Reporter: Irina Petrova <ipetrova>
Component: openstack-neutronAssignee: Assaf Muller <amuller>
Status: CLOSED WONTFIX QA Contact: Toni Freger <tfreger>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0 (Liberty)CC: amuller, chrisw, dsanzmor, ealcaniz, molasaga, nyechiel, srevivo
Target Milestone: asyncKeywords: FutureFeature
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-18 00:31:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1381612    

Description Irina Petrova 2016-12-02 14:08:39 UTC 
Description of problem:

RBAC feature [1] allows to configure which tenant has access to the external networks.
Customer has different subnets inside an external network, and they want to configure RBAC on the subnets, not only on the net.

Use Case:

Customer wants to configure only one external network for each OSP deployment, and they want to create different subnets inside of it, one for each environment with different addresses.
They are comfortable with the RBAC definition for networks, but they want also to apply this configuration to the subnets, controlling which tenant use each subnet.

[1] http://docs.openstack.org/liberty/networking-guide/adv-config-network-rbac.html
Comment 1 Red Hat Bugzilla Rules Engine 2017-03-15 15:32:01 UTC 
This bugzilla has been removed from the release and needs to be reviewed and Triaged for another Target Release.
Comment 2 Nir Yechiel 2018-03-18 00:31:32 UTC 
I reviewed this request with engineering and with couple of customers in the past. It does not look like this is going to be fixed soon, and a common solution is to setup different external networks and configure RBAC per network.