Bug 1339441 - [Docs] [Networking] Document RBAC support for external networks
Summary: [Docs] [Networking] Document RBAC support for external networks
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: documentation
Version: 9.0 (Mitaka)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ga
: 9.0 (Mitaka)
Assignee: Martin Lopes
QA Contact: Deepti Navale
URL:
Whiteboard:
Depends On: 1325676
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-25 03:41 UTC by Andrew Dahms
Modified: 2016-11-08 02:22 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-08 02:22:24 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Andrew Dahms 2016-05-25 03:41:12 UTC 
Red Hat OpenStack Platform introduces additional functionality to control access to external networks via the RBAC framework.

From the engineering bug:

"This allows access to external networks to be controlled via the RBAC framework added during Liberty with a new 'access_as_external' action. A migration adds all current external networks to the RBAC policies table with a wildcard indicating that all tenants can access the network as RBAC. Unlike the conversion of shared networks to RBAC, the external table is left in the DB to avoid invasive changes throughout the codebase to calculate the flag relative to the caller. So the current 'external' flag is used throughout the code base as it previously was for wiring up floating IPs, router gateway ports, etc. Then the RBAC entries are only referenced when determining what networks to show the tenants."
Comment 1 Andrew Dahms 2016-05-26 02:55:00 UTC 
Assigning to Martin for review.
Comment 2 Martin Lopes 2016-07-26 01:39:27 UTC 
Dev bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1325676
Note You need to log in before you can comment on or make changes to this bug.