Public bug reported:
We have a special read_only role in keystone and have given that role
the ability to list all instances via the policy rule:
index:get_all_tenants.
It can't however list all instances on a specific host for instance. I'm
not sure if a new policy rule should be added or it should be covered in
the existing rule "index:get_all_tenants"?
The offending code is in nova/api/openstack/compute/servers.py in the
remove_invalid_options method
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1737050
Title:
No way to allow non admins the ability to filter on attributes such as
host
Status in OpenStack Compute (nova):
New
Bug description:
We have a special read_only role in keystone and have given that role
the ability to list all instances via the policy rule:
index:get_all_tenants.
It can't however list all instances on a specific host for instance.
I'm not sure if a new policy rule should be added or it should be
covered in the existing rule "index:get_all_tenants"?
The offending code is in nova/api/openstack/compute/servers.py in the
remove_invalid_options method
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1737050/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
