Changing policy.json is invalid for creating an aggregate
Bug #1240831 reported by
wingwj
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Invalid
|
Medium
|
wingwj |
Bug Description
In default, Aggregate actions require the admin-user to operate.
In order to give rights to normal-user, I change it in the policy.json , like this:
from
to
But the operation result is also rejected.
----------------
I check the codes in Nova, the fault dues to def require_
That means Nova has checked the policy of one API twice.
So why twice? The policy has already checked in the api-layer.
That cause the problem happens~
P.S. I checked the similar codes in Cinder/Neutron, they're the same..
If you want to change an admin_api to a regular one, this problem is also existed.
Can we wipe off the def require_ admin_context( ) in db-layer, or use def require_context() instead?