This does not work however:
stack@tm-devstack01:~$ source openrc admin admin stack@tm-devstack01:~$ neutron bgpvpn-create --route-targets 64512:77 --tenant-id cc432618b9fa4275b324346b9f8a4398 Created a new bgpvpn: +----------------------+--------------------------------------+ | Field | Value | +----------------------+--------------------------------------+ | auto_aggregate | True | | export_targets | | | id | 40fd4ad6-aac7-46c3-ada1-ac6c92d7ccf8 | | import_targets | | | name | | | networks | | | route_distinguishers | | | route_targets | 64512:77 | | tenant_id | cc432618b9fa4275b324346b9f8a4398 | | type | l3 | +----------------------+--------------------------------------+ stack@tm-devstack01:~$ stack@tm-devstack01:~$ neutron bgpvpn-net-assoc-create 40fd4ad6-aac7-46c3-ada1-ac6c92d7ccf8 --network netfoo Not authorized.
So the admin can do an association, but has to do that in the context of the tenant. Is is an issue ?
This does not work however:
stack@tm- devstack01: ~$ source openrc admin admin devstack01: ~$ neutron bgpvpn-create --route-targets 64512:77 --tenant-id cc432618b9fa427 5b324346b9f8a43 98 ------- ------- --+---- ------- ------- ------- ------- ------+ ------- ------- --+---- ------- ------- ------- ------- ------+ aac7-46c3- ada1-ac6c92d7cc f8 | shers | | 5b324346b9f8a43 98 | ------- ------- --+---- ------- ------- ------- ------- ------+ devstack01: ~$ devstack01: ~$ neutron bgpvpn- net-assoc- create 40fd4ad6- aac7-46c3- ada1-ac6c92d7cc f8 --network netfoo
stack@tm-
Created a new bgpvpn:
+------
| Field | Value |
+------
| auto_aggregate | True |
| export_targets | |
| id | 40fd4ad6-
| import_targets | |
| name | |
| networks | |
| route_distingui
| route_targets | 64512:77 |
| tenant_id | cc432618b9fa427
| type | l3 |
+------
stack@tm-
stack@tm-
Not authorized.
So the admin can do an association, but has to do that in the context of the tenant.
Is is an issue ?