Allow non-admin to list all tenants based on policy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openstack-manuals |
Fix Released
|
Medium
|
Christian Berendt |
Bug Description
https:/
commit 55e63f83a7caec5
Author: Davanum Srinivas <email address hidden>
Date: Fri Jun 12 10:26:08 2015 -0400
Allow non-admin to list all tenants based on policy
Currently, running 'nova list --all-tenants' with a policy change:
"compute:
will not work as expected, The returned list of servers will not
contain all instances of all tenants. We should support administrators
who wish to enable this functionality in their policy.json.
We need to fix this problem both in the v2 API and in the v2.1 as well.
Deep in instance_
a filter of project_id or user_id if the context is NOT an admin context.
So, the returned list will be a subset of all the instances in the
database. To fix this scenario, the easy way is to call get_all with
an elevated context to pass this check in instance_
So in fixing the bug above, we need to fix the default policy so that
all-tenants is available by default only to administrators.
UpgradeImpact
SecurityImpact
DocImpact: --all-tenants will list all servers for non-admin
APIImpact: --all-tenants will list all servers for non-admin
Closes-Bug: #1464381
Change-Id: I6fe512ff00a0fd
Changed in openstack-manuals: | |
assignee: | nobody → jelly (coding1314) |
Changed in openstack-manuals: | |
assignee: | jelly (coding1314) → nobody |
Changed in openstack-manuals: | |
assignee: | nobody → Bernd Bausch (berndbausch) |
Changed in openstack-manuals: | |
assignee: | Bernd Bausch (berndbausch) → Christian Berendt (berendt) |
policy.json sample needs to be updated