Bug 1999565

Summary:	[RFE] Allow sharing security groups as read-only
Product:	Red Hat OpenStack	Reporter:	Eric Nothen <enothen>
Component:	openstack-neutron	Assignee:	Slawek Kaplonski <skaplons>
Status:	CLOSED MIGRATED	QA Contact:	Eran Kuris <ekuris>
Severity:	low	Docs Contact:
Priority:	unspecified
Version:	18.0 (Zed)	CC:	ccamposr, chrisw, mtomaska, scohen, skaplons
Target Milestone:	---	Keywords:	FutureFeature
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2023-08-21 20:54:47 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Eric Nothen 2021-08-31 10:50:14 UTC

Description of problem:
As discussed on this upstream RFE [1], there is currently no way to share a security group between projects in a read-only way. This would be useful for customers who want to centralize rules, but avoid members of target projects from adding or deleting rules on these shared security groups.

Version-Release number of selected component (if applicable):
RHOSP 16.x

How reproducible:
Reproducible following steps to create an "access_as_shared" (RW) security group as documented on this KCS [2] (pending formal product documentation as described on this BZ [3]).

Steps to Reproduce:
See KCS [2]

Actual results:
Any security group shared as described on [2] can be modified (rules added or deleted) by members/admins of the target projects to which it is being shared.

Expected results:
A customer can share a security group as RO, in which users/admins of the target tenants can make use of the shared security group, but not add or delete rules on it.


Additional info:
[1] https://bugs.launchpad.net/neutron/+bug/1875516
[2] https://access.redhat.com/solutions/6275121
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1995461