This bug has been migrated to another issue tracking site. It has been closed here and may no longer be monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker.
Bug 1999565 - [RFE] Allow sharing security groups as read-only
Status: CLOSED MIGRATED
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 18.0 (Zed)
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
Assignee: Slawek Kaplonski
QA Contact: Eran Kuris
Reported: 2021-08-31 10:50 UTC by Eric Nothen
Modified: 2024-12-20 20:52 UTC
Last Closed: 2023-08-21 20:54:47 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-27637 0 None None None 2023-08-21 20:58:11 UTC
Red Hat Issue Tracker OSP-8222 0 None None None 2021-11-18 15:01:14 UTC
Red Hat Issue Tracker OSPRH-305 0 None None None 2023-08-21 20:54:46 UTC

Description Eric Nothen 2021-08-31 10:50:14 UTC
Description of problem:
As discussed on this upstream RFE [1], there is currently no way to share a security group between projects in a read-only way. This would be useful for customers who want to centralize rules, but prevent members of target projects from adding or deleting rules on these shared security groups.

Version-Release number of selected component (if applicable):
RHOSP 16.x

How reproducible:
Reproducible following steps to create an "access_as_shared" (RW) security group as documented on this KCS [2] (pending formal product documentation as described on this BZ [3]).

Steps to Reproduce:
See KCS [2]

Actual results:
Any security group shared as described on [2] can be modified (rules added or deleted) by members/admins of the target projects to which it is being shared.

Expected results:
A customer can share a security group as RO, in which users/admins of the target tenants can make use of the shared security group, but not add or delete rules on it.


Additional info:
[1] https://bugs.launchpad.net/neutron/+bug/1875516
[2] https://access.redhat.com/solutions/6275121
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1995461

