0

Policy to control security rule

asked 2017-11-10 12:10:22 -0600

DerpDarako

Hello,

I would like to add a simple rule in my policy.json.

I would like to remove the ability to create and delete rules inside a security group for a specific role. I checked inside the json file and tried to update:

    "insert_rule": "rule:admin",
    "remove_rule": "rule:admin",

But the project's owner can still add/create rules.

Do you have any idea?

Best regards


2 answers

0

answered 2017-11-10 16:53:41 -0600

Bernd Bausch

In https://github.com/openstack/neutron/...:

    "create_security_group_rule": "rule:admin_or_owner",
    "delete_security_group_rule": "rule:admin_or_owner",

Try to modify that.

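The effect of changing the two entries named in the answer above, as an added example that is not part of the original thread and is not neutron's or oslo.policy's own code: a simplified evaluator for the policy rule language, run against the default `rule:admin_or_owner` and against an admin-only variant. The alias rules are assumed to match neutron's stock policy.json, and the role names and project ids are constructed.

```python
import re
from collections import deque
# Aliases assumed from neutron's stock policy.json; targets from the answer.
DEFAULT = {
    "context_is_admin": "role:admin",
    "owner": "tenant_id:%(tenant_id)s",
    "admin_or_owner": "rule:context_is_admin or rule:owner",
    "create_security_group_rule": "rule:admin_or_owner",
    "delete_security_group_rule": "rule:admin_or_owner",
}
ACTIONS = ("create_security_group_rule", "delete_security_group_rule")
# Proposed change: only admins may add or remove security group rules.
HARDENED = dict(DEFAULT, **{a: "rule:context_is_admin" for a in ACTIONS})
OWNER = {"roles": ["member"], "tenant_id": "proj-a"}  # constructed caller
ADMIN = {"roles": ["admin"], "tenant_id": "proj-admin"}  # constructed caller
TARGET = {"tenant_id": "proj-a"}  # constructed security group owner

def check(policy, expr, creds, target):
    """Evaluate rule:/role:/key:value checks joined by and, or, not, ( )."""
    toks = deque(re.findall(r"[^\s()]*%\([^)]*\)s|\(|\)|[^\s()]+", expr))
    def atom():
        tok = toks.popleft()
        if tok == "(":
            val = either()
            toks.popleft()  # closing parenthesis
            return val
        if tok == "not":
            return not atom()
        kind, _, match = tok.partition(":")
        if kind == "rule":  # follow the alias to its definition
            return check(policy, policy[match], creds, target)
        if kind == "role":
            return match in creds["roles"]
        return str(creds.get(kind)) == match % target  # e.g. tenant_id
    def chain(word, operand, combine):
        val = operand()
        while toks and toks[0] == word:
            toks.popleft()
            val = combine(operand(), val)
        return val
    def both():
        return chain("and", atom, lambda a, b: a and b)
    def either():
        return chain("or", both, lambda a, b: a or b)
    return either()

def audit(policy, creds, target=TARGET):
    """Map each security-group-rule action to whether creds may perform it."""
    return {a: check(policy, policy[a], creds, target) for a in ACTIONS}
```

Calling `audit(DEFAULT, OWNER)` and `audit(HARDENED, OWNER)` shows the difference for a non-admin project owner; whether the running neutron release enforces these two policy names still has to be confirmed on the deployment itself.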
0

answered 2017-11-14 03:47:00 -0600

DerpDarako

updated 2017-11-14 07:32:31 -0600

I think you are right! Sadly I use Ocata and these rules don't exist for me!

So the fix is to upgrade to Pike.

Thank you for your help


Comments

I guess the insert/remove rules refer to QoS, not secgroups. Indeed, no policy seems to cover secgroups. Did you check the code?

Bernd Bausch ( 2017-11-14 06:53:26 -0600 )

I didn't check the neutron code. I didn't know where to start.

DerpDarako ( 2017-11-14 07:32:22 -0600 )
