yahoo-eng-team team mailing list archive

[Bug 1518436] [NEW] RFE: non-admins should be able to get their deleted instances

 

Public bug reported:

Listing deleted instances is admin only, but it's not clear why non-
admins can't list deleted instances in their own project/tenant.  This
should be policy driven so that non-admins can list the deleted
instances in their project.

I'm not exactly sure where this is enforced in the code, however. It
doesn't fail, it just doesn't return anything:

stack@archive:~/devstack$ nova list --deleted
+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+


This is slightly different but very explicit:

https://github.com/openstack/nova/blob/12.0.0/nova/api/openstack/compute/servers.py#L335-L340

Results in:

stack@archive:~/devstack$ nova list --deleted --status 'deleted'
ERROR (Forbidden): Only administrators may list deleted instances (HTTP 403) (Request-ID: req-fb8ed625-2f2d-45ff-87cd-b5571cdf1dac)

** Affects: nova
     Importance: Wishlist
         Status: Invalid


** Tags: api rfe

** Description changed:

  Listing deleted instances is admin only, but it's not clear why non-
  admins can't list deleted instances in their own project/tenant.  This
  should be policy driven so that non-admins can list the deleted
  instances in their project.
+ 
+ I'm not exactly sure where this is enforced in the code, however. It
+ doesn't fail, it just doesn't return anything:
+ 
+ stack@archive:~/devstack$ nova list --deleted
+ +----+------+--------+------------+-------------+----------+
+ | ID | Name | Status | Task State | Power State | Networks |
+ +----+------+--------+------------+-------------+----------+
+ +----+------+--------+------------+-------------+----------+
+ 
+ 
+ This is slightly different but very explicit:
+ 
+ https://github.com/openstack/nova/blob/12.0.0/nova/api/openstack/compute/servers.py#L335-L340
+ 
+ Results in:
+ 
+ stack@archive:~/devstack$ nova list --deleted --status 'deleted'
+ ERROR (Forbidden): Only administrators may list deleted instances (HTTP 403) (Request-ID: req-fb8ed625-2f2d-45ff-87cd-b5571cdf1dac)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1518436

Title:
  RFE: non-admins should be able to get their deleted instances

Status in OpenStack Compute (nova):
  Invalid

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1518436/+subscriptions
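
The report asks for a policy rule that gates listing of deleted instances while results stay scoped to the caller's project. A minimal sketch of that check, added here as an example and not Nova's code; the rule name, Context, Instance, both policy tables and the sample data are hypothetical.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """An API layer would map this to HTTP 403."""

@dataclass(frozen=True)
class Context:            # hypothetical request context built from the token
    project_id: str
    is_admin: bool = False

@dataclass(frozen=True)
class Instance:           # hypothetical, minimal instance record
    id: str
    project_id: str
    deleted: bool

RULE = "servers:list_deleted"  # hypothetical rule name, not taken from Nova

# Two constructed policy tables: rule name -> predicate over the context.
ADMIN_ONLY_POLICY = {RULE: lambda ctx: ctx.is_admin}   # behaviour the report describes
PROJECT_POLICY = {RULE: lambda ctx: True}              # behaviour the report asks for

# Constructed sample data: two projects with live and deleted instances.
STORE = [
    Instance("a1", "proj-a", deleted=True),
    Instance("a2", "proj-a", deleted=False),
    Instance("b1", "proj-b", deleted=True),
]

def list_instances(ctx, store, policy, filters=None):
    filters = dict(filters or {})
    want_deleted = bool(filters.pop("deleted", False))
    if want_deleted and not policy[RULE](ctx):
        # Refuse explicitly; an empty list would hide the denial from the caller.
        raise Forbidden("policy does not allow listing deleted instances")
    if not ctx.is_admin:
        # Scope comes from the token, never from client-supplied filters.
        filters["project_id"] = ctx.project_id
    project = filters.get("project_id")
    return [i for i in store
            if i.deleted == want_deleted
            and (project is None or i.project_id == project)]
```

Under PROJECT_POLICY a non-admin who passes another project's id as a filter still receives only their own project's deleted instances, which is the tenant-isolation property any such policy change has to preserve.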

