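12.5. Granting RBAC policy access for external networks

You can use the --action access_as_external parameter to grant role-based access control (RBAC) policy access for external networks (networks with gateway interfaces attached).

Complete the steps in the following example procedure to create an RBAC policy for the web-servers network and grant access to the engineering project (c717f263785d4679b16a122516247deb):

  • Create a new RBAC policy using the --action access_as_external option: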

    # openstack network rbac create --type network --target-project c717f263785d4679b16a122516247deb --action access_as_external web-servers
    Created a new rbac_policy:
    +----------------+--------------------------------------+
    | Field          | Value                                |
    +----------------+--------------------------------------+
    | action         | access_as_external                   |
    | id             | ddef112a-c092-4ac1-8914-c714a3d3ba08 |
    | object_id      | 6e437ff0-d20f-4483-b627-c3749399bdca |
    | object_type    | network                              |
    | target_project | c717f263785d4679b16a122516247deb     |
    | project_id     | c717f263785d4679b16a122516247deb     |
    +----------------+--------------------------------------+

    As a result, users in the engineering project can view the network or connect instances to it:

    $ openstack network list
    +--------------------------------------+-------------+------------------------------------------------------+
    | id                                   | name        | subnets                                              |
    +--------------------------------------+-------------+------------------------------------------------------+
    | 6e437ff0-d20f-4483-b627-c3749399bdca | web-servers | fa273245-1eff-4830-b40c-57eaeac9b904 192.168.10.0/24 |
    +--------------------------------------+-------------+------------------------------------------------------+
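
After creating the policy, it is worth confirming that it is scoped to the intended project only. The following is an added example, not part of the original documentation: `rbac_field` and `check_rbac_policy` are hypothetical helper names, the sample table is the output shown above, and the `*` wildcard check assumes that a policy shared with all projects reports `*` as its target.

```shell
#!/bin/sh
# Added example: check_rbac_policy and rbac_field are hypothetical helpers,
# not OpenStack commands. They parse the CLI table format shown on this page.

# rbac_field FIELD: read a table on stdin, print the value in row FIELD.
rbac_field() {
    awk -F'|' -v want="$1" '
        NF >= 3 {
            key = $2; val = $3
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { print val; exit }
        }'
}

# check_rbac_policy PROJECT ACTION: policy table on stdin.
# Returns 0 = scoped as intended, 1 = mismatch, 2 = wildcard target.
check_rbac_policy() {
    table=$(cat)
    action=$(printf '%s\n' "$table" | rbac_field action)
    target=$(printf '%s\n' "$table" | rbac_field target_project)
    # Assumption: a policy shared with every project reports "*" here.
    if [ "$target" = "*" ]; then
        echo "policy targets all projects" >&2
        return 2
    fi
    if [ "$action" != "$2" ] || [ "$target" != "$1" ]; then
        echo "unexpected policy: action=$action target=$target" >&2
        return 1
    fi
    return 0
}

# Sample input: the rbac_policy table printed earlier on this page.
SAMPLE='
    +----------------+--------------------------------------+
    | Field          | Value                                |
    +----------------+--------------------------------------+
    | action         | access_as_external                   |
    | id             | ddef112a-c092-4ac1-8914-c714a3d3ba08 |
    | object_id      | 6e437ff0-d20f-4483-b627-c3749399bdca |
    | object_type    | network                              |
    | target_project | c717f263785d4679b16a122516247deb     |
    | project_id     | c717f263785d4679b16a122516247deb     |
    +----------------+--------------------------------------+'

printf '%s\n' "$SAMPLE" |
    check_rbac_policy c717f263785d4679b16a122516247deb access_as_external &&
    echo "policy scoped to the expected project"
```

Against a live deployment, pipe the output of `openstack network rbac show ddef112a-c092-4ac1-8914-c714a3d3ba08` into `check_rbac_policy`; if your client labels the row differently from the `target_project` shown on this page, adjust the field name in the helper.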