Public bug reported:

It was reported on the ML:
https://lists.openstack.org/archives/list/openstack-disc...@lists.openstack.org/thread/4TRWELLL6FH455JNWP52LV6OLMXSFQ34/

Basically even if operator specifies custom rule like e.g.:

    "get_network": "(rule:admin_only) or (role:reader and project_id:%(project_id)s) or rule:shared or rule:external or rule:context_is_advsvc or role:admin_network_read"

user with "admin_network_read" role can't get all networks from the cloud.
It happens like that because it is filtered out on the DB access layer, in
https://github.com/openstack/neutron-lib/blob/fd011c955dfae1072555c69b6ba742b85f041736/neutron_lib/db/model_query.py#L157

** Affects: neutron
     Importance: Medium
     Assignee: Slawek Kaplonski (slaweq)
         Status: Confirmed

** Tags: api

https://bugs.launchpad.net/bugs/2115184

Title:
  [S-RBAC] Custom role can't get resources which belongs to different projects

Status in neutron:
  Confirmed
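The mismatch described in the report, as an added example that is not part of the original message and not neutron or neutron-lib code: a simplified model in which the API-layer policy rule honours the custom role while the DB-layer scoping looks only at the admin/advsvc flags and the project ID. The names `Context`, `policy_allows_get_network`, `db_scoped_networks`, `list_networks` and `policy_only` are hypothetical, the DB-layer behaviour is an assumption based on the report, and `rule:external` is left out because the constructed sample has no external networks.

```python
from dataclasses import dataclass, field

# Constructed sample data: three networks owned by two projects.
NETWORKS = [
    {"id": "net-a", "project_id": "p1", "shared": False},
    {"id": "net-b", "project_id": "p2", "shared": False},
    {"id": "net-c", "project_id": "p2", "shared": True},
]


@dataclass
class Context:
    project_id: str
    roles: set = field(default_factory=set)
    is_admin: bool = False
    is_advsvc: bool = False


def policy_allows_get_network(ctx, net):
    """API-layer check mirroring the custom get_network rule from the report."""
    return (
        ctx.is_admin                                              # rule:admin_only
        or ("reader" in ctx.roles
            and net["project_id"] == ctx.project_id)              # reader in own project
        or net["shared"]                                          # rule:shared
        or ctx.is_advsvc                                          # rule:context_is_advsvc
        or "admin_network_read" in ctx.roles                      # custom role
    )


def db_scoped_networks(ctx):
    """DB-layer scoping (assumed): roles are never consulted here, so a
    non-admin context only receives rows it owns or that are shared."""
    if ctx.is_admin or ctx.is_advsvc:
        return list(NETWORKS)
    return [n for n in NETWORKS
            if n["project_id"] == ctx.project_id or n["shared"]]


def list_networks(ctx):
    """Effective result: the policy can only narrow what the DB layer returned."""
    return [n["id"] for n in db_scoped_networks(ctx)
            if policy_allows_get_network(ctx, n)]


def policy_only(ctx):
    """What the operator expects if the policy rule alone decided visibility."""
    return [n["id"] for n in NETWORKS if policy_allows_get_network(ctx, n)]
```

Comparing `list_networks` with `policy_only` for a context holding `admin_network_read` shows the gap: the policy would permit `net-b`, but the row never reaches the policy check.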