On 3/2/2016 3:02 AM, Zhenyu Zheng wrote:
> Hi, Nova,
>
> While I'm working on adding "changes-since" parameter support for the python-novaclient "list" CLI, I realized that a non-admin can list all deleted instances using the "changes-since" parameter. This is reasonable at some level, as delete is an update to instances. But we have a limitation that, when listing instances, the deleted parameter is only allowed for admin users. This leads to an inconsistency with the rule for showing deleted instances, as we limit the list of deleted instances to admin only, but a non-admin can get the information using changes-since.
>
> Should we fix this?
>
> https://bugs.launchpad.net/nova/+bug/1552071
>
> Thanks,
>
> Kevin Zheng
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Unless I'm missing some use case, I think that listing instances for non-admins should be restricted to the instances they own, regardless of whether or not they are deleted, period.
As for listing deleting instances as an admin, that was broken with the 2.16 microversion and there is a fix here:
https://review.openstack.org/#/c/283820/

--

Thanks,

Matt Riedemann