[openstack-dev] [cinder] How do we prevent the user to directly call os-reserve?

Clay Gerrard clay.gerrard at gmail.com
Mon Sep 10 06:02:49 UTC 2012


On Tue, Aug 28, 2012 at 4:19 AM, Rongze Zhu <zrzhit at gmail.com> wrote:
>
> Hi Everyone, I have a question about cinder volume actions.
> There are some APIs in
> cinder/api/openstack/volume/contrib/volume_actions.py, for example,
> os-attach/os-detach/os-reserve/os-unreserve/os-initialize_connection/os-terminate_connection/os-volume_upload_image.
> I know that they are only used for nova, but if a user calls os-reserve
> directly by HTTP REST, it will cause confusion, because os-reserve will
> change the volume status in the database. How do we prevent the user from
> directly calling os-reserve?
>

Hi Rongze,

Did you ever come up with anything on this issue? I thought it would be
trivial to restrict the volume actions to admin only via policy - but
it seems like there are a few issues to work out in order to get nova's
cinderclient to use an admin context when forwarding updates to
cinder?  What were your thoughts?

-clayg


