Rocky Multi Domain external network editing

asked 2019-03-23 13:22:47 -0500

RonyNov gravatar image

Hi, i have a juju/maas rocky installation. I trying to simulate Domains isolation. I used the policy.v3cloudsample.json to replace policy.json on both Horizon and Keystone. I can create a domain, project and an admin for this domain. However a Domain admin can still edit the external network which is shared and holds the floating IP subnet. This means that any domain admin can affect external access for any other domain. This is a huge caveats. I am doing something wrong ? Is there a way to propegate the cloud admin role to other services (neutron, glance, ...)

Thank you for your help. Rony

edit retag flag offensive close merge delete