2cfc1231dc
This patch set introduces a new feature called provider-security-groups. Provider security groups allow the provider to create a security group that is automatically attached to a specific tenant's ports. The one important thing to note is that rules inside of a provider security group are set to DENY, whereas in a normal security group they are set to ALLOW.

Provider security groups allow the admin tenant to block specific traffic for any tenant they like by creating a provider group. To use this feature the admin tenant must first create a provider security group on behalf of the other tenant (i.e.):

    $ neutron security-group-create no-pokemon-go-access --provider=True \
        --tenant-id=<shall remain nameless>

Then, whenever the above tenant id creates a port they will see an additional field on the port "provider-security-groups" which will contain the uuid of the provider security group. This user can then query neutron to see which rules are in it that are blocking them.

NOTE: one needs to use the correct policy.json file from this repo for neutron in order to prevent the tenant from removing the group.

Co-Authored-By: Aaron Rosen <aaronorosen@gmail.com>
Change-Id: I57b130437327b0bbe5cc0068695f226b76b4e2ba

| Name |
|---|
| oslo-config-generator |
| policy |
| policy.json |
| README.txt |

To generate the sample vmware-nsx configuration files, run the following command from the top level of the vmware-nsx directory:

    tox -e genconfig

If a 'tox' environment is unavailable, then you can run the following script instead to generate the configuration files:

    ./tools/generate_config_file_samples.sh