yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1737050] Re: No way to allow non admins the ability to filter on attributes such as host

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Matt Riedemann <mriedem.os@xxxxxxxxx>
Date: Wed, 30 Jan 2019 13:51:11 -0000
Reply-to: Bug 1737050 <1737050@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: nova
     Assignee: Matt Riedemann (mriedem) => Sam Morrison (sorrison)

** Also affects: nova/rocky
   Importance: Undecided
       Status: New

** Changed in: nova/rocky
       Status: New => In Progress

** Changed in: nova/rocky
   Importance: Undecided => Wishlist

** Changed in: nova/rocky
     Assignee: (unassigned) => melanie witt (melwitt)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1737050

Title:
  No way to allow non admins the ability to filter on attributes such as
  host

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) rocky series:
  In Progress

Bug description:
  We have a special read_only role in keystone and have given that role
  the ability to list all instances via the policy rule:
  index:get_all_tenants.

  It can't however list all instances on a specific host for instance.
  I'm not sure if a new policy rule should be added or it should be
  covered in the existing rule "index:get_all_tenants"?

  The offending code is in nova/api/openstack/compute/servers.py in the
  remove_invalid_options method

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1737050/+subscriptions

References

[Bug 1737050] [NEW] No way to allow non admins the ability to filter on attributes such as host
From: Sam Morrison, 2017-12-07