[Yahoo-eng-team] [Bug 1592000] Re: [RFE] Admin customized default security-group
[Expired for neutron because there has been no activity for 60 days.] ** Changed in: neutron Status: Incomplete => Expired -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1592000 Title: [RFE] Admin customized default security-group Status in neutron: Expired Bug description: Allow the admin to decide which rules should be added (by default) to the tenant default security-group once created. At the moment, each tenant default security-group is created with specific set of rules: allow all egress and allow ingress from default sg. However, this is not the desired behavior for all deployments, as some would want to practice a “zero trust” model where all traffic is blocked unless explicitly decided otherwise, or on the other hand, allow all inbound+outbound traffic. It’s worth nothing that at some use cases the default behavior can be expressed with very specific sets of rules, which only the admin has the knowledge to define (e.g- allow connection to active directory endpoints), in such cases the impact on usability is even worse, as it requires the admin to create rules on every tenant default security-group. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1592000/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1592000] Re: [RFE] Admin customized default security-group
I'd like to see this RFE discussed with the drivers team before it is marked as Won't Fix. ** Changed in: neutron Status: Won't Fix => Confirmed -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1592000 Title: [RFE] Admin customized default security-group Status in neutron: Confirmed Bug description: Allow the admin to decide which rules should be added (by default) to the tenant default security-group once created. At the moment, each tenant default security-group is created with specific set of rules: allow all egress and allow ingress from default sg. However, this is not the desired behavior for all deployments, as some would want to practice a “zero trust” model where all traffic is blocked unless explicitly decided otherwise, or on the other hand, allow all inbound+outbound traffic. It’s worth nothing that at some use cases the default behavior can be expressed with very specific sets of rules, which only the admin has the knowledge to define (e.g- allow connection to active directory endpoints), in such cases the impact on usability is even worse, as it requires the admin to create rules on every tenant default security-group. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1592000/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1592000] Re: [RFE] Admin customized default security-group
This was rejected in the past. My sentiment hasn't changed. [1] https://review.openstack.org/#/c/245537/ ** Changed in: neutron Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1592000 Title: [RFE] Admin customized default security-group Status in neutron: Won't Fix Bug description: Allow the admin to decide which rules should be added (by default) to the tenant default security-group once created. At the moment, each tenant default security-group is created with specific set of rules: allow all egress and allow ingress from default sg. However, this is not the desired behavior for all deployments, as some would want to practice a “zero trust” model where all traffic is blocked unless explicitly decided otherwise, or on the other hand, allow all inbound+outbound traffic. It’s worth nothing that at some use cases the default behavior can be expressed with very specific sets of rules, which only the admin has the knowledge to define (e.g- allow connection to active directory endpoints), in such cases the impact on usability is even worse, as it requires the admin to create rules on every tenant default security-group. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1592000/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
