Hi,
On a setup with 3 nodes (running Centos 7.2):
-Openstack node (Mitaka)
-Contrail config, controller, analytics node (Contrail 3.2)
-compute node
The Openstack was installed first, then Contrail was installed and provisioned using the fab tool.
1. Create new projects named: second and third.
2. In the GUI, create different networks as follows:
One default network, just type a name and hit save.
One global network, under permissions, global share permissions, choose: read, write, refer.
One shared network, under permissions, shared list, chose the different projects and assign read-write-refer rights. Please see attachment: first-step.
3. In the GUI change to see the second project.
4. Expected results:
- The default network is not be visible because it is not shared with other projects. This is correct
- The global network is visible because it is shared globally. This is correct. Under the second project, the network can be deleted, but there is no "wheel" icon to modify this network in the second project. I believe that this is an issue. Please see attachment: second-step
- Biggest issue: the shared network is not visible. Since the network was created and was chosen to be shared with the other projects, it should be visible.
As reference I am using:
http://www.juniper.net/documentation/en_US/contrail3.2/information-products/pathway-pages/contrail-feature-guide-pwp.pdf page 86, figure 12: Edit Object Level Access.
Other information: I have tried the above scenario when having aaa_mode set to no-auth and also when aaa_mode is set to rbac. The behavior is the same
I have provided an example for Networks, but this is a general issue affecting all Objects.