Allow add/delete networks ports as a tenant

Registered by Itxaka Serrano

Allow add/delete networks ports as a tenant instead of it being virtually limited to the admin

Seems that the tenants, that can already create networks and sub-networks, should be able to create ports without depending on an admin.

Allow add/delete networks ports as a tenant instead of it being limited to the admin.

New buttons would appear on the subnet tables

Testing needs to be done to make sure that the new actions are covered by tests.

Outside Dependencies
No outside dependencies

Requirements Update Required
No requirements

Doc Impact
Should meantion on the release notes that a tenant can now create and delete ports.

Blueprint information

Itxaka Serrano
Needs approval
Itxaka Serrano
Series goal:
Needs Code Review
Milestone target:
Started by
Itxaka Serrano
Completed by
Itxaka Serrano

Related branches



Gerrit topic:,topic:bp/network-ports-tenant,n,z

Addressed by:
    Allow add/delete networks ports as a tenant [ABANDONED]

Discussed in the drivers meeting on 2015-01-06; needs more info on use case.

[tsufiev, 2015-01-06] Although I doubt the UX value of regular users being able to Add/Delete ports, I still think that any user who just created a port should be able to delete it as well - if it's not used by a running VM. Both add/delete belongs to a single bp, because one operation doen't make sense w/o another.

[itxaka, 2015-01-07]
On the use case: The automatic added ports for your instances are not always the desired ones. There is at least 3 types of ports (normal, direct, vMac) so maybe you need your instance to use one of those. In that case you need to ask an admin to create a port of that type in your tenant network.
Also, when you deatach ports from a running instance, they keep there but are unused, as attaching port just creates new ones. Why would a user not be able to remove those unused ports?
(To reproduce, create an instance and keep deataching/attaching interfaces, then go to your network and see all the ports in there unused)

On the separation of add/delete: From my POV it makes no sense. To allow a user to add ports but then have the user not able to delete them and resort to either ask an admin or go to the cli is backwards. In fact, that seems like a half assed feature which I rather not do.

Regarding the deleting of ports from running VMS, my opinion differs. Its up to the user to do so or not and if neutron allows to do it, why would we act as a guardian of it? I
 just tested locally and you can delete a port attached to an instance with no problems as a normal non-admin user.
What is the reasoning of removing cli features just because?

Gerrit topic:,topic:bug/1399252,n,z

Addressed by:
    Add Port-Create in Project Dashboard


Work Items

This blueprint contains Public information 
Everyone can see this information.


No subscribers.