2017-07-24 23:09:21 |
Aniruddh Amonker |
bug |
|
|
added bug |
2017-07-24 23:10:13 |
Aniruddh Amonker |
description |
Contrail Release: 3.2.3
Problem Description:
“Create Network” operation using GUI is failing for certain tenants even though “virtual_network” object has been assigned “Create” rights for “_member_”.
This is only affecting tenants that existed before enabling RBAC feature. We created some new tenants and we were able to successfully create new networks using the same tenant users.
Also issue is not only tied to "virtual network" creation, any new object creation under pre-existing tenants is also experiencing the same error
This has been identified as a known limitation. Objects (including projects) created prior to enabling RBAC will not be accessible to non-admin users after RBAC is enabled. This is because the ‘onwer’ field for such objects is set to ‘service’ tenant (which is because neutron didn’t pass the tenant information correctly), making them accessible to only ‘service’ tenant.
This LP defect is for an enhancement request to fix this behavior in upcoming releases where enabling RBAC should also make ownership changes of objects accordingly under pre-existing tenants.
Current workaround is to manually change the ownership of objects including projects using "/opt/contrail/utils/Chmod2.py" script |
Contrail Release: 3.2.3
Problem Description:
“Create Network” operation using GUI is failing for certain tenants after enabling RBAC feature even though “virtual_network” object has been assigned “Create” rights for “_member_”.
This is only affecting tenants that existed before enabling RBAC feature. We created some new tenants and we were able to successfully create new networks using the same tenant users.
Also issue is not only tied to "virtual network" creation, any new object creation under pre-existing tenants is also experiencing the same error
This has been identified as a known limitation. Objects (including projects) created prior to enabling RBAC will not be accessible to non-admin users after RBAC is enabled. This is because the ‘onwer’ field for such objects is set to ‘service’ tenant (which is because neutron didn’t pass the tenant information correctly), making them accessible to only ‘service’ tenant.
This LP defect is for an enhancement request to fix this behavior in upcoming releases where enabling RBAC should also make ownership changes of objects accordingly under pre-existing tenants.
Current workaround is to manually change the ownership of objects including projects using "/opt/contrail/utils/Chmod2.py" script |
|
2017-07-24 23:10:31 |
Aniruddh Amonker |
information type |
Proprietary |
Private |
|
2017-07-24 23:45:02 |
Jim Reilly |
bug |
|
|
added subscriber att-aic-contrail |
2017-07-24 23:45:10 |
Jim Reilly |
bug |
|
|
added subscriber Jim Reilly |
2017-07-25 03:47:47 |
Sachin Bansal |
juniperopenstack: assignee |
|
Suresh Vinapamula (sureshk) |
|
2017-07-25 06:45:39 |
Jeba Paulaiyan |
tags |
att-aic-contrail object-creation rbac |
att-aic-contrail config object-creation rbac |
|
2017-07-26 05:38:44 |
Sachin Bansal |
information type |
Private |
Public |
|
2017-07-26 18:51:31 |
Jeba Paulaiyan |
nominated for series |
|
juniperopenstack/r4.0 |
|
2017-07-26 18:51:31 |
Jeba Paulaiyan |
bug task added |
|
juniperopenstack/r4.0 |
|
2017-07-26 18:51:31 |
Jeba Paulaiyan |
nominated for series |
|
juniperopenstack/r3.2 |
|
2017-07-26 18:51:31 |
Jeba Paulaiyan |
bug task added |
|
juniperopenstack/r3.2 |
|
2017-07-26 18:51:31 |
Jeba Paulaiyan |
nominated for series |
|
juniperopenstack/trunk |
|
2017-07-26 18:51:31 |
Jeba Paulaiyan |
bug task added |
|
juniperopenstack/trunk |
|
2017-07-26 18:51:45 |
Jeba Paulaiyan |
juniperopenstack/r4.0: assignee |
|
Suresh Vinapamula (sureshk) |
|
2017-07-26 18:51:53 |
Jeba Paulaiyan |
juniperopenstack/r3.2: assignee |
|
Suresh Vinapamula (sureshk) |
|
2017-07-26 18:52:02 |
Jeba Paulaiyan |
juniperopenstack/r3.2: milestone |
|
r3.2.5.0 |
|
2017-07-26 18:52:53 |
Jeba Paulaiyan |
juniperopenstack/r3.2: milestone |
r3.2.5.0 |
|
|
2017-08-01 18:09:49 |
Jeba Paulaiyan |
juniperopenstack/r3.2: milestone |
|
r3.2.5.0 |
|
2017-08-01 18:09:53 |
Jeba Paulaiyan |
juniperopenstack/r4.0: milestone |
|
r4.0.1.0 |
|
2017-08-01 18:09:56 |
Jeba Paulaiyan |
juniperopenstack/trunk: milestone |
|
r4.1.0.0-fcs |
|
2017-08-01 18:10:02 |
Jeba Paulaiyan |
juniperopenstack/r3.2: importance |
Undecided |
High |
|
2017-08-01 18:10:07 |
Jeba Paulaiyan |
juniperopenstack/r4.0: importance |
Undecided |
Medium |
|
2017-08-01 18:10:09 |
Jeba Paulaiyan |
juniperopenstack/trunk: importance |
Undecided |
Medium |
|
2017-08-01 19:30:46 |
OpenContrail Admin |
juniperopenstack/trunk: status |
New |
In Progress |
|
2017-08-01 19:48:39 |
OpenContrail Admin |
juniperopenstack/r3.2: importance |
High |
Medium |
|
2017-08-01 19:48:39 |
OpenContrail Admin |
juniperopenstack/r3.2: status |
New |
In Progress |
|
2017-08-04 04:03:52 |
OpenContrail Admin |
juniperopenstack/r4.0: status |
New |
In Progress |
|
2017-08-27 02:13:08 |
OpenContrail Admin |
juniperopenstack/trunk: status |
In Progress |
Fix Committed |
|
2017-08-27 02:13:59 |
OpenContrail Admin |
juniperopenstack/r4.0: status |
In Progress |
Fix Committed |
|
2017-08-28 18:33:27 |
OpenContrail Admin |
juniperopenstack/r4.0: status |
Fix Committed |
In Progress |
|
2017-08-28 18:45:41 |
OpenContrail Admin |
juniperopenstack/trunk: status |
Fix Committed |
In Progress |
|
2017-08-29 11:32:01 |
OpenContrail Admin |
juniperopenstack/r4.0: status |
In Progress |
Fix Committed |
|
2017-08-30 16:32:56 |
OpenContrail Admin |
juniperopenstack/r3.2: status |
In Progress |
Fix Committed |
|
2017-09-01 05:45:17 |
OpenContrail Admin |
juniperopenstack/trunk: status |
In Progress |
Fix Committed |
|
2017-09-23 16:26:21 |
Jim Reilly |
tags |
att-aic-contrail config object-creation rbac |
att-aic-contrail blocker config object-creation rbac |
|