Using neutron policy in Juno to restrict ability to external networks

asked 2015-05-22 09:28:21 -0500

JonathanBarber

We are using Neutron from Red Hat (RPM openstack-neutron-2014.2.2-5.el7ost.noarch).

I'm experimenting with policy.json to discover if it's possible to restrict which external networks a user can use as a gateway. I would like to do this as I have multiple external flat networks, and I want to restrict which external network a tenant can use.

To do this, I've been trying to look up the tenant ID of the external_gateway_info:network_id and use it, but I don't know if it's possible or if the syntax I'm trying to use is correct. My current attempt looks something like this:

"update_router:external_gateway_info": "role:admin or tenant_id:%(network_id)s"

But it isn't achieving the result I want (restricting the networks a router can be attached to, to those that are in the same tenant as the user).
