Bug 1400993 - [RFE] Allow RBAC options for subnets of an external network
Summary: [RFE] Allow RBAC options for subnets of an external network
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 8.0 (Liberty)
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: async
: ---
Assignee: Assaf Muller
QA Contact: Toni Freger
URL:
Whiteboard:
Depends On:
Blocks: 1381612
TreeView+ depends on / blocked
 
Reported: 2016-12-02 14:08 UTC by Irina Petrova
Modified: 2021-12-10 15:02 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-03-18 00:31:32 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-11281 0 None None None 2021-12-10 15:02:02 UTC

Description Irina Petrova 2016-12-02 14:08:39 UTC 
Description of problem:

RBAC feature [1] allows to configure which tenant has access to the external networks.
Customer has different subnets inside an external network, and they want to configure RBAC on the subnets, not only on the net.

Use Case:

Customer wants to configure only one external network for each OSP deployment, and they want to create different subnets inside of it, one for each environment with different addresses.
They are comfortable with the RBAC definition for networks, but they want also to apply this configuration to the subnets, controlling which tenant use each subnet.

[1] http://docs.openstack.org/liberty/networking-guide/adv-config-network-rbac.html
Comment 1 Red Hat Bugzilla Rules Engine 2017-03-15 15:32:01 UTC 
This bugzilla has been removed from the release and needs to be reviewed and Triaged for another Target Release.
Comment 2 Nir Yechiel 2018-03-18 00:31:32 UTC 
I reviewed this request with engineering and with couple of customers in the past. It does not look like this is going to be fixed soon, and a common solution is to setup different external networks and configure RBAC per network.
Note You need to log in before you can comment on or make changes to this bug.