[openstack-dev] [Nova] Get-validserver-state default policy
Jay Pipes
jaypipes at gmail.com
Fri Jan 15 07:25:01 UTC 2016
On 01/15/2016 01:50 AM, Juvonen, Tomi (Nokia - FI/Espoo) wrote:
> This API change was agreed is the spec review to be “rule:
> admin_or_owner”, but during code review “rule: admin_api” was also wanted.
> Link to spec to see details what this is about
> (https://review.openstack.org/192246/):
> _http://specs.openstack.org/openstack/nova-specs/specs/mitaka/approved/get-valid-server-state.html_
> In my deployment where this is crucial information for the owner, this
> will certainly be “admin_or_owner”. The question is now what is the
> general feeling about the default value in policy.json and should it
> just be as agreed in spec or should it be changed still.
The host state is NOT something that a regular cloud user should be able
to query, IMHO. Only admins should be able to see anything about the
underlying compute hardware.
Exposing hardware information and statuses out through the REST API is a
bad leak of implementation.
Best,
-jay
More information about the OpenStack-dev
mailing list