In Red Hat Enterprise Linux OpenStack Platform 8, users can apply RBAC to networks, allowing administrators to control access to networks across tenants. A conceptual overview and instructions on how and why to configure RBAC must be added to the Networking Guide.
Assigning to Martin for review.
Content has been tech reviewed by SME
For docs QA, updated URL is here: https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/single/networking-guide#sec-rbac All of chapter 12 is in scope for peer review.
Hi Martin, Sorry it took so long. This BZ slipped under my radar. Here's a my peer review: > OpenStack Networking now uses a RBAC table to control sharing of neutron networks between tenants Since you can share networks with more than two tenants, it should be "among tenants". > ability for some tenants to create networks, and can instead allow them Unnecessary comma. > Use neutron rbac-delete to delete the RBAC, based on its ID value: Unnecessary comma. > Access to external networks (networks with gateway interfaces attached) can be controlled with RBAC, using the --action access_as_external parameter. Consider using active voice: "You can grant RBAC access to external networks (networks with gateway interfaces attached) using the --action access_as_external parameter." Also an unnecessary comma. > this procedure creates a RBAC for the web-servers network, and grants access to the engineering tenant (c717f263785d4679b16a122516247deb): Unnecessary comma. > As a result, users in the Engineering tenant are able to view the network, or connect instances to it: Unnecessary comma.
Cool. Flipping this to VERIFIED.
Closing bug: https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/single/networking-guide#sec-rbac