On Fri, Jun 3, 2016 at 11:16 AM, Darek Smigiel <[email protected]> wrote: > Hello, > Doing reviews I noticed, that Liu Yong submitted a bug [1] where we have a > problem with removing subnets.
This makes me wonder what the use case that gets in to this situation. > In short: if tenant wants to delete network with subnets, where at least one > of subnets is created by admin, he’s not able to do this. > Liu also prepared bugfix for it [2], but now it’s starting to be much more > complicated. > > What is desired solution in this case? > One of suggestions is to elevate context, remove all subnets and nuke > everything. It can cause a problem, when one tenant can remove others’ tenant > subnets. Ignoring implementation details, I think if I own a network, I ought to be able to delete it regardless of who has created subnets on it. A network is composed of subnets. They are nothing more than the IPAM details of the network. I usually think of subnets as part of the network for this reason. I'm not even sure why a subnet has its own owner that is allowed to be different from the network owner. There only place where I've seen access to a network differ from access to the subnets is on a shared network where regular tenants have not been able to view the subnets on an admin-owned shared network. I'm not even sure this is important. I think ports are a little different. A port represents a connection from something (like a VM) to the network. Depending on what ports exist on a network we should (and do) prevent the deletion of the network. > The other is to just show info to tenant, that he’s not allowed to delete > network. But in the same time, it could be strange, that owner is not able to > just get rid of *his* network and subnets. Its like if I owned a car but my neighbor owned the seats. I can't sell or dispose of the car without my neighbor's permission? That doesn't make any sense. > If you have any opinions, suggestions, please feel free to share I think we need to figure out how to enable deleting the network without error. We can take that up in the review. Carl > [1] https://bugs.launchpad.net/neutron/+bug/1588228 > [2] https://review.openstack.org/#/c/324617/ __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
