Public bug reported: I was trying update "target_tenant" field in the existing RBAC policy, The policy is "access_as_external" policy.
On an admin tenant, with an admin user, I created an external network. This automatically creates and "access_as_external" action RBAC policy with "*" value for "target_tenant" attribute. +---------------+--------------------------------------+ | Field | Value | +---------------+--------------------------------------+ | action | access_as_external | | id | f09399eb-1829-4675-8155-4972b4378b9c | | object_id | 0ff86006-8d7d-4e9b-ba11-960c7ff50dae | | object_type | network | | target_tenant | * | | tenant_id | a654338c862f401a8665c3fbed289a75 | +---------------+--------------------------------------+ I wanted to update the RBAC policy but encountered the following error: "neutron rbac-update f09399eb-1829-4675-8155-4972b4378b9c --target_tenant a654338c862f401a8665c3fbed289a75 RBAC policy on object 0ff86006-8d7d-4e9b-ba11-960c7ff50dae cannot be removed because other objects depend on it. Details: Callback neutron.plugins.ml2.plugin.Ml2Plugin._validate_ext_not_in_use_by_tenant failed with "'policy_tenant'" Neutron server returns request_ids: ['req-218d22bd-f484-41e3-9908-798bb93ae149']" The external network is not in use by any router/or any other object. Reproduction steps: Create a network with " router:external" attribute ( external network) See rbac policy list and show the existing rbac policy for the external network (see object_id = network_id) execute "neutron rbac-update RBACPOLICYID --target_tenant DESIRED_TENANT_ID" Version: MITAKA on rhel 7.2 AllInOne environment. (packstack installation) ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1577100 Title: RBAC "Access_as_external" policy update Status in neutron: New Bug description: I was trying update "target_tenant" field in the existing RBAC policy, The policy is "access_as_external" policy. On an admin tenant, with an admin user, I created an external network. This automatically creates and "access_as_external" action RBAC policy with "*" value for "target_tenant" attribute. +---------------+--------------------------------------+ | Field | Value | +---------------+--------------------------------------+ | action | access_as_external | | id | f09399eb-1829-4675-8155-4972b4378b9c | | object_id | 0ff86006-8d7d-4e9b-ba11-960c7ff50dae | | object_type | network | | target_tenant | * | | tenant_id | a654338c862f401a8665c3fbed289a75 | +---------------+--------------------------------------+ I wanted to update the RBAC policy but encountered the following error: "neutron rbac-update f09399eb-1829-4675-8155-4972b4378b9c --target_tenant a654338c862f401a8665c3fbed289a75 RBAC policy on object 0ff86006-8d7d-4e9b-ba11-960c7ff50dae cannot be removed because other objects depend on it. Details: Callback neutron.plugins.ml2.plugin.Ml2Plugin._validate_ext_not_in_use_by_tenant failed with "'policy_tenant'" Neutron server returns request_ids: ['req-218d22bd-f484-41e3-9908-798bb93ae149']" The external network is not in use by any router/or any other object. Reproduction steps: Create a network with " router:external" attribute ( external network) See rbac policy list and show the existing rbac policy for the external network (see object_id = network_id) execute "neutron rbac-update RBACPOLICYID --target_tenant DESIRED_TENANT_ID" Version: MITAKA on rhel 7.2 AllInOne environment. (packstack installation) To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1577100/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp