""" steps: 1, demo tenant create a network net1 2, demo tenant create a subnet sn1 in net1 3, admin create a subnet sn2 in net1 4, demo tenant run "neutron subnet-list" expected: command output should contains sn1 and sn2 observed: only sn1 can be seen. """
And it seems to be the expected behavior ** Changed in: neutron Status: In Progress => Opinion ** Tags added: access-control -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1536176 Title: network owner cannot get all subnets Status in neutron: Opinion Bug description: steps: 1, demo tenant create a network net1 2, demo tenant create a subnet sn1 in net1 3, admin create a subnet sn2 in net1 4, demo tenant run "neutron subnet-list" expected: command output should contains sn1 and sn2 observed: only sn1 can be seen. in policy.json [1] "create_subnet": "rule:admin_or_network_owner", [2] "get_subnet": "rule:admin_or_owner or rule:shared", from [1], since only admin and network owner can create subnet on tenant network, it should make sense to allow network owner to get all subnets on her/his network. with rbac, after demo tenant add rbac access_as_shared rule for alt_demo tenant. alt_demo tenant run "subnet-list" can get sn1 and sn2. That's very interesting, rbac allowed tenant can get all subnets, but not network owner. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1536176/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp