[openstack-dev] [neutron] Limitation of permissions on modification some resources

Andrey Epifanov aepifanov at mirantis.com
Mon Sep 29 11:09:27 UTC 2014


Hi All,

I started working on the the https://bugs.launchpad.net/neutron/+bug/1339028
and realized that we have the same issue with other connected resources 
in Neutron.

The problem is that we have API for the modification of any resources 
without
limitations, for example, we can modify Router IP and connected to this 
subnet
VMs never will know about it and lose the default router. The same situation
with routes and IP for DHCP/DNS ports.

https://bugs.launchpad.net/neutron/+bug/1374398
https://bugs.launchpad.net/neutron/+bug/1267310

So, we need to have common approach for the resolving these issues.

Solution might be  the following:
- To deny any modification of resources that were created and
    configured automatically during usual operations.
- To provide modification permissions only to admin.

What is your opinion?

/Thanks and Best Regards,
Andrey./
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140929/51a54ca2/attachment.html>


More information about the OpenStack-dev mailing list