Hi Folks,

I'm trying to understand the quantum security model. I have the OVS plugin configured with VLAN isolation.

I have a tenant project (alt_demo).

*(admin) > keystone tenant-list*
+----------------------------------+----------+---------+
| id                               | name     | enabled |
+----------------------------------+----------+---------+
| c19f9a2d16b74c3c971dbfbc1afdc687 | admin    | True    |
| a37209139af44a8a8a2a8e519e3f8478 | alt_demo | True    |
| 70e910a7296d4a19be4b32d5bcaf3996 | services | True    |
+----------------------------------+----------+---------+

I have a user (alt_demo) who is a 'member' of project alt_demo. (alt_demo is not an admin.)

*(admin) > keystone user-list*
+----------------------------------+----------+---------+-------------------+
| id                               | name     | enabled | email             |
+----------------------------------+----------+---------+-------------------+
| 338a1897720a4be48023a6987c76191d | admin    | True    | t...@test.com     |
| c2dc7ac0e8bf4628bc7d3b2fe285793a | alt_demo | True    | alt_d...@demo.com |
| 94936f26d48e481dadacda322fc51858 | cinder   | True    | cinder@localhost  |
| b7db5ef2f2d849b1a8dfc7f043bf4289 | glance   | True    | glance@localhost  |
| a42b0ca85f914cf88dc6361da5e08a0c | nova     | True    | nova@localhost    |
| 2f0f85cb85f242c7b9c5f620886b9537 | quantum  | True    | quantum@localhost |
+----------------------------------+----------+---------+-------------------+

As *alt_demo*, try to create a network:

*(alt_demo) > quantum net-create alt-net*
Created a new network:
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| admin_state_up  | True                                 |
| id              | c1629dac-91dd-424a-bc82-8b97323f5059 |
| name            | alt-net                              |
| router:external | False                                |
| shared          | False                                |
| status          | ACTIVE                               |
| subnets         |                                      |
| tenant_id       | a37209139af44a8a8a2a8e519e3f8478     |
+-----------------+--------------------------------------+

Now, the question I have is that the user "alt_demo" cannot see the VLAN/provider-network and other details, which is very confusing (when the user was able to create the network, he should be able to see details of the network he just created).

*(alt_demo) > quantum net-show alt-net*
+-----------------+--------------------------------------+
| Field           | Value                                |
+-----------------+--------------------------------------+
| admin_state_up  | True                                 |
| id              | c1629dac-91dd-424a-bc82-8b97323f5059 |
| name            | alt-net                              |
| router:external | False                                |
| shared          | False                                |
| status          | ACTIVE                               |
| subnets         |                                      |
| tenant_id       | a37209139af44a8a8a2a8e519e3f8478     |
+-----------------+--------------------------------------+

Here's what an "admin" user sees:

*(admin) > quantum net-show alt-net*
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | c1629dac-91dd-424a-bc82-8b97323f5059 |
| name                      | alt-net                              |
| *provider:network_type    | vlan*                                |
| *provider:physical_network | physnet1*                           |
| *provider:segmentation_id | 46*                                  |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | a37209139af44a8a8a2a8e519e3f8478     |
+---------------------------+--------------------------------------+

Thanks!
Prashanth