[openstack-dev] [nova] Server Group API: add 'action' to authorizer?

Alex Xu xuhj at linux.vnet.ibm.com
Mon Aug 25 11:00:55 UTC 2014


On 2014年08月23日 18:29, Christopher Yeoh wrote:
> On Sat, 23 Aug 2014 03:56:27 -0500
> Joe Cropper <cropper.joe at gmail.com> wrote:
>
>> Hi Folks,
>>
>> Would anyone be opposed to adding the 'action' checking to the v2/v3
>> authorizers?  This would allow administrators more fine-grained
>> control over  who can read vs. create/update/delete server groups.
>>
>> Thoughts?
>>
>> If folks are supportive, I'd be happy to add this... but not sure if
>> we'd treat this as a 'bug' or whether there is a blueprint under which
>> this could be done?
> Long term we want to have a separate authorizer for every method. Alex
> had a nova-spec  proposed for this but it unfortunately did not make
> Juno
>
> https://review.openstack.org/#/c/92326/
>
> Also since the feature proposal deadline has passed it'll have to wait
> till Kilo.

Yes, that spec propose adding policy rule for each API for get more 
fine-grained control. But we have to wait till K release.

>
> Chris
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>




More information about the OpenStack-dev mailing list