yahoo-eng-team team mailing list archive

[OpenStack Infra <1737050@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/526558
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=7c56588647be64a2248b1f37d40369765bc6b977
Submitter: Zuul
Branch:    master

commit 7c56588647be64a2248b1f37d40369765bc6b977
Author: Sam Morrison <sorrison@xxxxxxxxx>
Date:   Fri Dec 8 10:15:53 2017 +1100

    Allow ability for non admin users to use all filters on server list.
    
    Adds a new policy rule "os_compute_api:servers:allow_all_filters"
    to control whether a user can use all filters when listing servers.
    
    Closes-bug: #1737050
    
    Change-Id: Ia5504da9a00bad689766aeda20255e10b7629f63


** Changed in: nova
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1737050

Title:
  No way to allow non admins the ability to filter on attributes such as
  host

Status in OpenStack Compute (nova):
  Fix Released

Bug description:
  We have a special read_only role in keystone and have given that role
  the ability to list all instances via the policy rule:
  index:get_all_tenants.

  It can't however list all instances on a specific host for instance.
  I'm not sure if a new policy rule should be added or it should be
  covered in the existing rule "index:get_all_tenants"?

  The offending code is in nova/api/openstack/compute/servers.py in the
  remove_invalid_options method

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1737050/+subscriptions