[Openstack] Restricting volume attachment using policies

2017-02-20 Thread Markus Hentsch
ntially circumventing my planned restrictions because the "user_id" values will always match. Is this some limitation within the code or general design of the volume attachment policies or is there some other approach that has to be taken here? Kind regards, Markus Hentsch Cloud&Heat Technologies

Re: [Openstack] Restricting volume attachment using policies

2017-02-20 Thread Markus Hentsch
On 20.02.2017 at 10:01, Vincent Gatignol wrote: > On 20/02/2017 at 09:20, Markus Hentsch wrote: >> Hello, >> >> I'm running a Newton setup where I'm trying to restrict the volume >> attachment actions using Nova's policy file. >> >> I

[Openstack] Policy enforcement in Glance (Ocata Release)

2017-05-30 Thread Markus Hentsch
nting the owner/project it actually belongs to) and that this is in turn matched against the dynamic "self.context" dict (representing currently logged in user) according to the policies defined, something along the lines of: self.context (e.g. project_id) ---[policy check against]

Re: [Openstack] Policy enforcement in Glance (Ocata Release)

2017-06-08 Thread Markus Hentsch
admin:True" bit which is intended to identify the global admin only, does not work. Even the global (project-independent) admin is not able to see all images anymore. The "is_admin:True" usually did the trick in other components though. Is there currently no way in Glance to make p

Re: [Openstack] Policy enforcement in Glance (Ocata Release)

2017-06-20 Thread Markus Hentsch
was Glance-specific. There is currently no consistent way of identifying the "global admin" across the components, so each one of them might implement their unique way of handling this. However, it seems there is some movement going on - see the following (quite recent) blog post for more de

Re: [Openstack] How to setup nova's policy.json ensure only owner can list his instance?

2018-01-07 Thread Markus Hentsch
where the user-level was removed entirely from the policy implementation, if I recall correctly. Kind regards, Markus Hentsch Cloud&Heat Technologies On 08.01.2018 at 06:50, Ying-Chuan Chen wrote: > Hi guys,  > I want to ensure that only the owner of the instances can list his > insta