
As titled, I want to create a security group that can be used in all projects.

Let's say I have two security groups:

  1. server-sg
  2. corey-sg

A server is running in the admin project, and its security group (server-sg) only allows access from sources that have a specific security group (corey-sg), like this:

```yaml
server_sg:
  type: OS::Neutron::SecurityGroup
  properties:
    name: server-sg
    rules:
      - protocol: tcp
        direction: ingress
        port_range_min: 3389
        port_range_max: 3389
        remote_group_id: { get_resource: corey-sg }
        remote_mode: remote_group_id
```

But if I create corey-sg in the admin project, I can't use it in any other project. How do I create a security group that can be shared/recognized/used by all projects' instances? Any ideas?

Corey

1 Answer

Maybe you are looking for an RBAC (Role-Based Access Control) policy; check "Sharing a security group with specific projects".

FYI.

No other users (other than admins and the owner) will be able to see the security group.

Victor Lee
  • Seems the type `security_group` is only supported after Stein. Anyways, thanks for your idea. – Corey Oct 13 '21 at 07:55
  • Sorry, it's supported since Train, here is the [Docs](https://docs.openstack.org/python-openstackclient/train/cli/command-objects/network-rbac.html). – Corey Oct 13 '21 at 08:12
  • Welcome, I also learn from your good question. – Victor Lee Oct 13 '21 at 09:30
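
The RBAC approach from the answer, as an added example that is not part of the original posts: a shell helper that creates one `access_as_shared` policy per target project with `openstack network rbac create`. The security group ID and project names are placeholders, and `DRY_RUN` is a variable of this example, not an OpenStack option.

```shell
#!/bin/sh
# Added example: share one security group with several projects via Neutron RBAC.
# DRY_RUN=1 prints the commands instead of calling the OpenStack CLI.

share_security_group() {
    sg_id="$1"
    if [ -z "$sg_id" ] || [ "$#" -lt 2 ]; then
        echo "usage: share_security_group <sg-id> <project> [<project>...]" >&2
        return 2
    fi
    shift
    rc=0
    for project in "$@"; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "openstack network rbac create --type security_group" \
                 "--action access_as_shared --target-project $project $sg_id"
        else
            # One RBAC policy per target project; keep going if one fails
            # (for example because that policy already exists).
            openstack network rbac create --type security_group \
                --action access_as_shared \
                --target-project "$project" "$sg_id" || rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: placeholder ID and project names, dry run only.
( DRY_RUN=1; share_security_group "SG_ID_PLACEHOLDER" project-a project-b )
```

Each policy grants exactly one project access, so the list of target projects is also the list of projects whose rules can reference the group; review it the same way you would review the rule on port 3389 itself. According to the comments above, the `security_group` type requires Train or later.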