  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-12519

Octavia Provider network accessible to all projects


    • Bug
    • Resolution: Done-Errata
    • Normal
    • rhos-18.0.6
    • rhos-18.0.3
    • octavia-operator
    • None
    • 3
    • False
    • False
    • ?
    • octavia-operator-container-1.0.7-8
    • None
    • Corrected Load-balancing service provider network visibility
      Before this update, end users could see the Load-balancing service provider network.
      Now the Load-balancing service provider network is only visible to the administrators.
    • Bug Fix
    • Done
    • Moderate

      The 'octavia provider network' (external network) is deployed by the octavia operator and is visible to all projects.
      The Octavia operator needs to correct this RBAC so that only the 'service' project, or the project in which the Octavia CP is deployed, is authorized on this 'octavia provider network'.

      The RBAC expected is only the project of Octavia.

      Detail:
      [09:48:59]$ openstack network rbac show 2d73aeeb-b505-4bac-8131-142f91e6e129
      +-------------------+--------------------------------------+
      | Field             | Value                                |
      +-------------------+--------------------------------------+
      | action            | access_as_external                   |
      | id                | 2d73aeeb-b505-4bac-8131-142f91e6e129 |
      | object_id         | 431abdc6-82c9-4c1b-981d-b8c112057360 |
      | object_type       | network                              |
      | project_id        | 0a0bb007ba20421995e7ed936676d2c4     |
      | target_project_id |                                      |
      +-------------------+--------------------------------------+
      [09:49:05]$ os network show 431abdc6-82c9-4c1b-981d-b8c112057360
      +---------------------------+--------------------------------------+
      | Field                     | Value                                |
      +---------------------------+--------------------------------------+
      | admin_state_up            | UP                                   |
      | availability_zone_hints   |                                      |
      | availability_zones        |                                      |
      | created_at                | 2024-11-14T14:46:50Z                 |
      | description               | LBaaS Management Provider Network    |
      | dns_domain                |                                      |
      | id                        | 431abdc6-82c9-4c1b-981d-b8c112057360 |
      | ipv4_address_scope        | None                                 |
      | ipv6_address_scope        | None                                 |
      | is_default                | False                                |
      | is_vlan_transparent       | None                                 |
      | l2_adjacency              | True                                 |
      | mtu                       | 1500                                 |
      | name                      | octavia-provider-net                 |
      | port_security_enabled     | True                                 |
      | project_id                | 0a0bb007ba20421995e7ed936676d2c4     |
      | provider:network_type     | flat                                 |
      | provider:physical_network | octavia                              |
      | provider:segmentation_id  | None                                 |
      | qos_policy_id             | None                                 |
      | revision_number           | 2                                    |
      | router:external           | External                             |
      | segments                  | None                                 |
      | shared                    | False                                |
      | status                    | ACTIVE                               |
      | subnets                   | f05e6cad-999e-4814-8130-8823ff46fdec |
      | tags                      |                                      |
      | tenant_id                 | 0a0bb007ba20421995e7ed936676d2c4     |
      | updated_at                | 2024-11-14T14:46:51Z                 |
      +---------------------------+--------------------------------------+
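
A check for the condition reported above, added here as an example and not taken from the ticket or the octavia-operator code: given RBAC policies as dicts with the fields printed by `openstack network rbac show`, it flags every `access_as_external` entry on the provider network whose target is not an allowed project. The function name, the constructed sample entries, the use of the network's owning project as the allow-list, and the handling of an empty target as "all projects" are assumptions.

```python
import json

WILDCARD = "*"  # Neutron RBAC target meaning "every project"

def audit_external_rbac(policies, network_id, allowed_projects):
    """Flag access_as_external policies on network_id that reach beyond allowed_projects."""
    findings = []
    for p in policies:
        if p.get("object_type") != "network" or p.get("object_id") != network_id:
            continue
        if p.get("action") != "access_as_external":
            continue
        target = (p.get("target_project_id") or "").strip()
        if target in allowed_projects:
            continue
        # Assumption: an empty target (as printed in the ticket) is handled like "*".
        everyone = target in ("", WILDCARD)
        findings.append({
            "rbac_id": p["id"],
            "target": WILDCARD if everyone else target,
            "reason": "all projects" if everyone else "project not in allow-list",
        })
    return findings

NET = "431abdc6-82c9-4c1b-981d-b8c112057360"   # octavia-provider-net (from the ticket)
OWNER = "0a0bb007ba20421995e7ed936676d2c4"     # project_id shown in the ticket (assumed allow-list)

# Constructed input: the first entry copies the ticket's output, the rest are made up.
SAMPLE = json.loads("""[
 {"id": "2d73aeeb-b505-4bac-8131-142f91e6e129", "object_type": "network",
  "object_id": "431abdc6-82c9-4c1b-981d-b8c112057360",
  "action": "access_as_external", "target_project_id": ""},
 {"id": "constructed-rbac-0001", "object_type": "network",
  "object_id": "431abdc6-82c9-4c1b-981d-b8c112057360",
  "action": "access_as_external",
  "target_project_id": "0a0bb007ba20421995e7ed936676d2c4"},
 {"id": "constructed-rbac-0002", "object_type": "network",
  "object_id": "constructed-other-net", "action": "access_as_external",
  "target_project_id": "*"}
]""")

if __name__ == "__main__":
    for f in audit_external_rbac(SAMPLE, NET, {OWNER}):
        print(f"{f['rbac_id']}: external access for {f['reason']} ({f['target']})")
```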

              rhn-support-gthiemon Gregory Thiemonge
              rhn-support-cylopez Cyril Lopez
              rhos-dfg-networking-squad-vans