Hello,
I don't know if such solution will work properly. I don't have possibility to
check it now :/
--
Pozdrawiam / Best regards
Sławek Kapłoński
sla...@kaplonski.pl
Dnia czwartek, 11 czerwca 2015 18:28:57 Mathieu Gagné pisze:
> haha, you are right.
>
> Should this also be changed so you don'
haha, you are right.
Should this also be changed so you don't end up with "admin" privileges
on all tenants?
From:
"admin_or_owner": "is_admin:True or project_id:%(project_id)s",
To:
"admin_or_owner": "role:admin or project_id:%(project_id)s",
Note: I'm trying to find a temporary way to
Hello,
But AFAIK this will add someone with role "special_role" same priviliges as
someone who has got "admin" role, right?
--
Pozdrawiam / Best regards
Sławek Kapłoński
sla...@kaplonski.pl
Dnia czwartek, 11 czerwca 2015 18:08:38 Mathieu Gagné pisze:
> You can add your new role to this policy:
You can add your new role to this policy:
"context_is_admin": "role:admin or role:special_role",
It will set "is_admin" to True in the context. I'm not sure of the
side-effect to be honest. Use at your own risk...
Mathieu
On 2015-06-11 4:59 PM, George Shuklin wrote:
> Thank you!
>
> You sav
Thank you!
You saved me a day of the work. Well, we'll move a script to admin user
instead of normal user with the special role.
PS And thanks for filling a bugreport too.
On 06/11/2015 10:40 PM, Sławek Kapłoński wrote:
Hello,
I don't think it is possible because in nova/db/sqlalchemy/api.p
Hello,
I thought so but I was not sure :)
I just made bug report for that: https://bugs.launchpad.net/nova/+bug/1464381
--
Pozdrawiam / Best regards
Sławek Kapłoński
sla...@kaplonski.pl
Dnia czwartek, 11 czerwca 2015 13:02:16 Clint Byrum pisze:
> Excerpts from Sławek Kapłoński's message of 2015
Excerpts from Sławek Kapłoński's message of 2015-06-11 12:40:36 -0700:
> Hello,
>
> I don't think it is possible because in nova/db/sqlalchemy/api.py in function
> instance_get_all_by_filters You have something like:
>
> if not context.is_admin:
> # If we're not admin context, add approp
Hello,
I don't think it is possible because in nova/db/sqlalchemy/api.py in function
instance_get_all_by_filters You have something like:
if not context.is_admin:
# If we're not admin context, add appropriate filter..
if context.project_id:
filters['project_id'] = con
Hello.
I'm trying to allow a user with special role to see all instances of all
tenants without giving him admin privileges.
My initial attempt was to change policy.json for nova to
"compute:get_all_tenants": "role:special_role or is_admin:True".
But it didn't work well.
The command (nova
