fwaas v2 [1] has a concept of public attribute that is being used to share firewall policies etc. I believe RBAC was taken into account but dismissed for lack of strong use cases that justified the extra layer of complexity. For this reason, we'll have to reject this for now and reassess later on, when we have some fwaas concrete to chew on.
[1] https://blueprints.launchpad.net/neutron/+spec/fwaas-api-2.0 ** Changed in: neutron Status: Confirmed => Won't Fix ** Changed in: neutron Assignee: zhaobo (zhaobo6) => (unassigned) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1524231 Title: [RFE]Role-based access control for neutron fwaas policies Status in neutron: Won't Fix Bug description: [Existing problem] Now, fwaas just contain the 'shared' field, when it is True, it can be fetched by all tenants. But there is more requirements now, the enterprise who have the strong fw(more legitimate fw-rules/policies) want to share / sell its fw service to some tenants through our cloud system. [Proposal] Now neutron can not fulfill this task until import rbac policies in L release. I think we could base on the existing rbac policies mechanism to extend more resources which may have this application scene. We could control the fw shared like existing network shared or maybe more cover. [What is the enhancement?] Share FW more sophisticated to other specified tenants To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1524231/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
