No way to allow non admins the ability to filter on attributes such as host
Bug #1737050 reported by
Sam Morrison
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Wishlist
|
Sam Morrison |
Bug Description
We have a special read_only role in keystone and have given that role the ability to list all instances via the policy rule: index:get_
It can't however list all instances on a specific host for instance. I'm not sure if a new policy rule should be added or it should be covered in the existing rule "index:
The offending code is in nova/api/
tags: | added: api policy |
Changed in nova: | |
assignee: | Sam Morrison (sorrison) → Zhenyu Zheng (zhengzhenyu) |
Changed in nova: | |
assignee: | Zhenyu Zheng (zhengzhenyu) → Sam Morrison (sorrison) |
Changed in nova: | |
importance: | Undecided → Wishlist |
Changed in nova: | |
assignee: | Sam Morrison (sorrison) → Matt Riedemann (mriedem) |
Changed in nova: | |
assignee: | Matt Riedemann (mriedem) → Sam Morrison (sorrison) |
no longer affects: | nova/rocky |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/526558
Review: https:/