tried some commands with following changes in policy.json
"userallow": "user_id:%(user_id)s",
"compute:get": "rule:userallow", "compute:pause": "rule:userallow", "compute:unpause": "rule:userallow",
"os_compute_api:servers:show": "rule:userallow", "compute_extension:admin_actions:pause": "rule:admin_or_owner", "compute_extension:admin_actions:unpause": "rule:admin_or_owner",
pause /unpause can only be executed by owner or admin by default in v2.1
jichen@devstack1:~$ nova --service-type compute_legacy --os-user-name alt_demo --os-project-name demo show ji1 ERROR (Forbidden): Policy doesn't allow compute:get to be performed. (HTTP 403) (Request-ID: req-1c93cd00-1df8-4722-b10f-9fed29536fb6)
jichen@devstack1:~$ nova --service-type compute --os-user-name alt_demo --os-project-name demo show ji1 +--------------------------------------+----------------------------------------------------------------+ | Property | Value | +--------------------------------------+----------------------------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-STS:power_state | 3 | | OS-EXT-STS:task_state | - |
jichen@devstack1:~$ nova --service-type compute --os-user-name alt_demo --os-project-name demo pause ji1 jichen@devstack1:~$
jichen@devstack1:~$ nova --service-type compute_legacy --os-user-name alt_demo --os-project-name demo pause ji1 ERROR (Forbidden): Policy doesn't allow compute:get to be performed. (HTTP 403) (Request-ID: req-63e39575-af0d-4fac-8e43-4ec7e40fc117) jichen@devstack1:~$
tried some commands with following changes in policy.json
"userallow": "user_id: %(user_ id)s",
"compute:get": "rule:userallow",
"compute:pause": "rule:userallow",
"compute:unpause": "rule:userallow",
"os_ compute_ api:servers: show": "rule:userallow", extension: admin_actions: pause": "rule:admin_ or_owner" , extension: admin_actions: unpause" : "rule:admin_ or_owner" ,
"compute_
"compute_
pause /unpause can only be executed by owner or admin by default in v2.1
jichen@devstack1:~$ nova --service-type compute_legacy --os-user-name alt_demo --os-project-name demo show ji1 1df8-4722- b10f-9fed29536f b6)
ERROR (Forbidden): Policy doesn't allow compute:get to be performed. (HTTP 403) (Request-ID: req-1c93cd00-
jichen@devstack1:~$ nova --service-type compute --os-user-name alt_demo --os-project-name demo show ji1 ------- ------- ------- ------- ----+-- ------- ------- ------- ------- ------- ------- ------- ------- ------+ ------- ------- ------- ------- ----+-- ------- ------- ------- ------- ------- ------- ------- ------- ------+ AZ:availability _zone | nova | STS:power_ state | 3 | STS:task_ state | - |
+------
| Property | Value |
+------
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-
| OS-EXT-
| OS-EXT-
jichen@devstack1:~$ nova --service-type compute --os-user-name alt_demo --os-project-name demo pause ji1
jichen@devstack1:~$
jichen@devstack1:~$ nova --service-type compute_legacy --os-user-name alt_demo --os-project-name demo pause ji1 af0d-4fac- 8e43-4ec7e40fc1 17)
ERROR (Forbidden): Policy doesn't allow compute:get to be performed. (HTTP 403) (Request-ID: req-63e39575-
jichen@devstack1:~$