Details
-
Epic
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
[RFE] Allow sharing security groups as read-only
-
False
-
False
-
0
-
0%
Description
Description of problem:
As discussed on this upstream RFE [1], there is currently no way to share a security group between projects in a read-only way. This would be useful for customers who want to centralize rules, but avoid members of target projects from adding or deleting rules on these shared security groups.
Version-Release number of selected component (if applicable):
RHOSP 16.x
How reproducible:
Reproducible following steps to create an "access_as_shared" (RW) security group as documented on this KCS [2] (pending formal product documentation as described on this BZ [3]).
Steps to Reproduce:
See KCS [2]
Actual results:
Any security group shared as described on [2] can be modified (rules added or deleted) by members/admins of the target projects to which it is being shared.
Expected results:
A customer can share a security group as RO, in which users/admins of the target tenants can make use of the shared security group, but not add or delete rules on it.
Additional info:
[1] https://bugs.launchpad.net/neutron/+bug/1875516
[2] https://access.redhat.com/solutions/6275121
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1995461
Attachments
Issue Links
- external trackers
