Bug 1287415 - [Docs] [Networking] Provide an outline of RBAC control
Summary: [Docs] [Networking] Provide an outline of RBAC control
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: documentation
Version: 8.0 (Liberty)
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ga
: 8.0 (Liberty)
Assignee: Martin Lopes
QA Contact: Dan Macpherson
URL: https://blueprints.launchpad.net/neut...
Whiteboard:
Depends On: 1266081
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-12-02 03:14 UTC by Andrew Dahms
Modified: 2016-12-02 03:13 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-02 03:13:47 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Andrew Dahms 2015-12-02 03:14:29 UTC
In Red Hat Enterprise Linux OpenStack Platform 8, users can apply RBAC to networks, allowing administrators to control access to networks across tenants. A conceptual overview and instructions on how and why to configure RBAC must be added to the Networking Guide.

Comment 1 Andrew Dahms 2015-12-02 03:15:04 UTC
Assigning to Martin for review.

Comment 3 Martin Lopes 2015-12-03 00:14:14 UTC
Content has been tech reviewed by SME

Comment 5 Martin Lopes 2016-11-08 04:12:13 UTC
For docs QA, updated URL is here: https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/single/networking-guide#sec-rbac

All of chapter 12 is in scope for peer review.

Comment 6 Dan Macpherson 2016-12-01 05:07:40 UTC
Hi Martin,

Sorry it took so long. This BZ slipped under my radar. Here's a my peer review:


> OpenStack Networking now uses a RBAC table to control sharing of neutron networks between tenants

Since you can share networks with more than two tenants, it should be "among tenants".

> ability for some tenants to create networks, and can instead allow them

Unnecessary comma.

> Use neutron rbac-delete to delete the RBAC, based on its ID value: 

Unnecessary comma.

> Access to external networks (networks with gateway interfaces attached) can be controlled with RBAC, using the --action access_as_external parameter. 

Consider using active voice: "You can grant RBAC access to external networks (networks with gateway interfaces attached) using the --action access_as_external parameter."

Also an unnecessary comma.

> this procedure creates a RBAC for the web-servers network, and grants access to the engineering tenant (c717f263785d4679b16a122516247deb): 

Unnecessary comma.

> As a result, users in the Engineering tenant are able to view the network, or connect instances to it:

Unnecessary comma.

Comment 8 Dan Macpherson 2016-12-01 06:25:57 UTC
Cool. Flipping this to VERIFIED.


Note You need to log in before you can comment on or make changes to this bug.