F5Networks / f5-openstack-lbaasv2-driver

F5 LBaaSv2 service provider driver for OpenStack Liberty and beyond
http://clouddocs.f5.com/products/openstack/lbaasv2-driver/master/
Apache License 2.0

Creating a Loadbalancer with the admin tenant without an explicit tenant_id failing community BVT test #457

Open jgruber opened 7 years ago

jgruber commented 7 years ago

Agent Version

9.2.0

Operating System

RHEL 7.3

OpenStack Release

Mitaka

Bug Severity

Severity: 5

Description

According to community BVT

  neutron_lbaas.tests.tempest.v2.api.test_load_balancers_admin.LoadBalancersTestJSON.test_create_load_balancer_missing_tenant_id_field_for_admin

when a loadbalancer is created by the admin tenant and no tenant_id is explicitly specified in the loadbalancer create call, the subnet_id should be interrogated and the tenant for the neutron subnet should be used for the loadbalancer.

Deployment

Run neutron_lbaas.tests.tempest.v2.api.test_load_balancers_admin.LoadBalancersTestJSON.test_create_load_balancer_missing_tenant_id_field_for_admin

Errors in the /var/log/neutron/server.log on the controller:

  2017-02-27 15:22:32.195 32234 ERROR f5lbaasdriver.v2.bigip.service_builder [req-4dbd4d41-fe4f-4b27-89a6-cedacee7e680 93d38cf9fdcf4509945aad474b286f40 47303b67b68746c7812dae8a1adc494f - - -] Creating a loadbalancer 4840516d-31f3-4c88-830f-15a68d5c7815 for tenant 47303b67b68746c7812dae8a1adc494f on a  non-shared network baee7507-f604-4894-9c81-356597aefb69 owned by cc49c93a364f49509ccfc02f3a081a20
  2017-02-27 15:22:32.197 32234 ERROR f5lbaasdriver.v2.bigip.driver_v2 [req-4dbd4d41-fe4f-4b27-89a6-cedacee7e680 93d38cf9fdcf4509945aad474b286f40 47303b67b68746c7812dae8a1adc494f - - -] Exception: loadbalancer create: Tenant Id of network and loadbalancer mismatched

jgruber commented 7 years ago

Just a note.. I'm not sure the BVT test should work.

The use case to me that is important is the admin tenant can create a loadbalancer for a non-admin tenant with the loadbalancing subnet_id on a non-shared network owned by admin. This is the use case for letting a third party orchestration create a loadbalancer for a non-admin tenant with a loadbalancer on a public facing network.

richbrowne commented 7 years ago

This scenario results in a loadbalancer in 'ERROR' state using the Octavia loadbalancer. Our driver should pass when the admin user creates a loadbalancer for a particular tenant provided the --tenant-id parameter matches the subnet ID.

richbrowne commented 7 years ago

Ok, this does work on the Octavia driver. I was hitting an error in the number of loadbalancers I could create. On Octavia, I see a loadbalancer with the tenant id of the admin and a subnet tenant id of the tenant.

We need to be able to check that the user that is creating the loadbalancer is 'admin' or has admin privileges. I am not sure how the driver does this.
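The tenant-isolation decision discussed in the comments above, sketched as an added example that is not part of the thread or the driver's code. `Ctx`, `Network`, `resolve_lb_tenant` and the `is_admin` flag are hypothetical stand-ins for the request context and network record, and the policy encoded here is an assumption drawn from the use cases in this issue.

```python
from dataclasses import dataclass
from typing import Optional


class TenantMismatch(Exception):
    """Caller is not allowed to place a loadbalancer on this network."""


@dataclass(frozen=True)
class Ctx:
    """Hypothetical stand-in for the request context of the create call."""
    tenant_id: str
    is_admin: bool = False


@dataclass(frozen=True)
class Network:
    """Hypothetical stand-in for the network that owns the VIP subnet."""
    tenant_id: str
    shared: bool = False


def resolve_lb_tenant(ctx: Ctx, network: Network,
                      requested_tenant_id: Optional[str] = None) -> str:
    """Return the tenant that should own the loadbalancer, or raise."""
    if requested_tenant_id is None:
        # BVT expectation from the issue: an admin call without tenant_id
        # inherits the tenant of the subnet's network.
        lb_tenant = network.tenant_id if ctx.is_admin else ctx.tenant_id
    else:
        lb_tenant = requested_tenant_id

    # Only a privileged caller may create resources for another tenant.
    if not ctx.is_admin and lb_tenant != ctx.tenant_id:
        raise TenantMismatch("non-admin caller cannot create for another tenant")

    # Isolation check: a non-shared network must belong to the loadbalancer's
    # tenant. The admin override (assumption) covers the third-party
    # orchestration case, where admin owns the public-facing network.
    if (not network.shared and network.tenant_id != lb_tenant
            and not ctx.is_admin):
        raise TenantMismatch("Tenant Id of network and loadbalancer mismatched")
    return lb_tenant
```

The privilege decision is taken from the authenticated context only, never from the `tenant_id` field in the request body, so an unprivileged caller cannot bypass the isolation check by naming another tenant.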

szakeri commented 7 years ago

@dflanigan @mattgreene Could you take a look at this issue? If this is supported, then I can work on it next sprint, otherwise can we close it?

mattgreene commented 7 years ago

This is a known limitation with the F5 product and will be addressed in a future release. Exclude from automated regression.