Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1692718 - Limiting Availability zones visibility for tenants
Summary: Limiting Availability zones visibility for tenants
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: nova-maint
QA Contact: nova-maint
Depends On:
TreeView+ depends on / blocked
Reported: 2019-03-26 09:54 UTC by abdelhadi
Modified: 2019-03-28 15:40 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-03-28 15:40:19 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description abdelhadi 2019-03-26 09:54:44 UTC
Description of problem:

Limit visibility of availability zones to a subset of users. Currently the availability zones once defined are visible to any user. We use availability zones and overload their meaning to separate physical security zones. Some tenants should not be able to see some security domains nor be able to launch workloads in them.

We need to have some way to limit the tenant access to availability zones. We are thinking of building an RBAC mechanism that should be more generic at nova level. Currently you can have private instance flavors for example but there is no generic rbac mechanism in nova like the one in neutron

Comment 1 Matthew Booth 2019-03-28 15:40:19 UTC

*** This bug has been marked as a duplicate of bug 1692719 ***

Note You need to log in before you can comment on or make changes to this bug.