I have re-run tests and confirmed that the `load-balancer_admin` is already the least-privileged role we can give to the nagios user. As for the safety concerns, based on OpenStack team's previous responses ([1] [2]) to the security of Octavia APIs, it seems that the risk is very low.
I have re-run tests and confirmed that the `load-balancer_ admin` is already the least-privileged role we can give to the nagios user. As for the safety concerns, based on OpenStack team's previous responses ([1] [2]) to the security of Octavia APIs, it seems that the risk is very low.
[1]: https:/ /storyboard. openstack. org/#!/ story/2008697 /storyboard. openstack. org/#!/ story/2008715
[2]: https:/