"""
steps:
1, demo tenant creates a network net1
2, demo tenant creates a subnet sn1 in net1
3, admin creates a subnet sn2 in net1
4, demo tenant runs "neutron subnet-list"
expected: command output should contain sn1 and sn2
observed: only sn1 can be seen.
"""
And it seems to be the expected behavior.
** Changed in: neutron
Status: In Progress => Opinion
** Tags added: access-control
--
https://bugs.launchpad.net/bugs/1536176
Title:
network owner cannot get all subnets
Status in neutron:
Opinion
Bug description:
steps:
1, demo tenant creates a network net1
2, demo tenant creates a subnet sn1 in net1
3, admin creates a subnet sn2 in net1
4, demo tenant runs "neutron subnet-list"
expected: command output should contain sn1 and sn2
observed: only sn1 can be seen.
In policy.json:
[1] "create_subnet": "rule:admin_or_network_owner",
[2] "get_subnet": "rule:admin_or_owner or rule:shared",
From [1], since only the admin and the network owner can create a subnet on a
tenant network, it should make sense to allow the network owner to get all
subnets on her/his network.
With RBAC, after the demo tenant adds an RBAC access_as_shared rule for the
alt_demo tenant, the alt_demo tenant running "subnet-list" can get sn1 and sn2.
That's very interesting: an RBAC-allowed tenant can get all subnets, but the
network owner cannot.
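An added illustration, not part of the bug report and not Neutron's code: a toy evaluator that reproduces the subnet visibility the report describes for the quoted get_subnet rule, next to the variant the reporter argues for. The rule bodies, the `shared_with` field and the `GET_SUBNET_PROPOSED` tuple are assumptions made for this sketch; Neutron's real list filtering is not modelled.

```python
# Toy model of the policy check from the report (added example, assumptions labelled).
# net1 belongs to "demo"; an RBAC access_as_shared entry targets "alt_demo".
NET1 = {"tenant_id": "demo", "shared_with": {"alt_demo"}}  # constructed sample data
SUBNETS = [
    {"name": "sn1", "tenant_id": "demo"},   # created by the network owner
    {"name": "sn2", "tenant_id": "admin"},  # created by admin on demo's network
]

# Assumed rule bodies: the page names these rules but does not define them.
RULES = {
    # passes for admin or for the owner of the subnet itself
    "admin_or_owner": lambda ctx, sub, net: ctx["is_admin"] or ctx["tenant"] == sub["tenant_id"],
    # passes for admin or for the owner of the parent network
    "admin_or_network_owner": lambda ctx, sub, net: ctx["is_admin"] or ctx["tenant"] == net["tenant_id"],
    # passes when the parent network is shared with the caller
    "shared": lambda ctx, sub, net: ctx["tenant"] in net["shared_with"],
}

# get_subnet as quoted in the report: "rule:admin_or_owner or rule:shared"
GET_SUBNET_REPORTED = ("admin_or_owner", "shared")
# Hypothetical variant that also admits the network owner, as the reporter suggests.
GET_SUBNET_PROPOSED = ("admin_or_owner", "admin_or_network_owner", "shared")


def visible_subnets(tenant, get_subnet, is_admin=False, net=NET1, subnets=SUBNETS):
    """Return names of subnets for which any rule in the OR-list passes."""
    ctx = {"tenant": tenant, "is_admin": is_admin}
    return [s["name"] for s in subnets
            if any(RULES[rule](ctx, s, net) for rule in get_subnet)]


if __name__ == "__main__":
    callers = (("demo", False), ("alt_demo", False), ("other", False), ("admin", True))
    for who, admin in callers:
        print(f"{who:9s} reported={visible_subnets(who, GET_SUBNET_REPORTED, admin)} "
              f"proposed={visible_subnets(who, GET_SUBNET_PROPOSED, admin)}")
```

The "other" tenant is a constructed caller with no ownership and no RBAC entry, included to confirm that neither rule set exposes the subnets to unrelated tenants.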