yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1445199] Re: Nova user should not have admin role

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: "Dr. Jens Harbott" <j.harbott@xxxxxxxx>
Date: Tue, 05 Jun 2018 13:25:50 -0000
Reply-to: Bug 1445199 <1445199@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Devstack is meant to provide a deployment suitable for development, not
a hardened setup that could be used in production. While it could adopt
this if Nova supported it, I'll mark the bug as invalid for devstack.

** Changed in: devstack
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1445199

Title:
  Nova user should not have admin role

Status in devstack:
  Invalid
Status in OpenStack Compute (nova):
  Confirmed
Status in OpenStack Security Advisory:
  Invalid

Bug description:
  
  Most of the service users are granted the 'service' role on the 'service' project, except the 'nova' user which is given 'admin'. The 'nova' user should also be given only the 'service' role on the 'service' project.

  This is for security hardening.

To manage notifications about this bug go to:
https://bugs.launchpad.net/devstack/+bug/1445199/+subscriptions