server suspend action allows authorization by user_id while server resume action does not
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Opinion
|
Wishlist
|
Takashi Kajinami |
Bug Description
Description
===========
Since the following change was merged, nova allows authorization by user_id for server suspend action.
https:/
However the same is not yet implemented in resume action and this results in inconsistent policy rule for corresponding two operations.
Steps to reproduce
==================
* Define policy rules like the following example
"os_compute_
"os_compute_
* Create a server by a non-admin user
* Suspend the server by the user
* Resume the server by the user
Expected result
===============
Both suspend and resume are accepted
Actual result
=============
Only suspend is accepted and resume fails with
ERROR (Forbidden): Policy doesn't allow os_compute_
Environment
===========
This issue was initially reported as one found in stable/xena deployment.
http://
Logs & Configs
==============
N/A
description: | updated |
Changed in nova: | |
assignee: | nobody → Takashi Kajinami (kajinamit) |
Changed in nova: | |
importance: | Undecided → Wishlist |
Fix proposed to branch: master /review. opendev. org/c/openstack /nova/+ /828168
Review: https:/