[openstack-dev] [nova] The status of servers API's filters

Alex Xu soulxu at gmail.com
Fri Jan 27 10:37:08 UTC 2017


The patches for validating the filters and sorts for the servers API are
merged [0]. But we still have something left [1].

What is left is the proposal to introduce the new rule
'os_compute_api:servers:all_tenants_visible', which is soft enforcement. The
new rule will replace the old hard enforcement rule
"os_compute_api:servers:index:get_all_tenants".

In the discussion at the nova API meeting, Join pointed out that the change
from hard enforcement to soft enforcement needs a microversion. The API used
to return 403 when the user didn't have permission for the all_tenants
parameter. But now the API returns 200 with the user's own instances when
there is no permission for the all_tenants parameter. So the proposal should
be separated into two parts:

i. rename the policy from "get_all_tenants" to "all_tenants_visible"
ii. change the enforcement from hard to soft by Microversion.

In the old microversion, the rule stays as hard enforcement.

So in Ocata, "get_all_tenants" will be deprecated. If the deployer has
overridden the rule in the policy file, the old rule will still be enforced,
and a warning message will be emitted to notify the user that they need to
move their custom rule to the new rule 'all_tenants_visible'. And if the API
user requests with the new microversion, the rule will become soft
enforcement.

So if that makes sense, there is also another question about
whether we have enough time to merge it. I think Matt will make a call on
it.

And due to holidays in China, both Kevin and I are on vacation. And I really,
really appreciate Ghanshyam taking care of those patches! The spec [3] and
the patch [1] have already been updated by him.

Anyway... Happy Chinese New Year to everyone (yea, new year again \o/).

Thanks
Alex

[0] https://review.openstack.org/408571 and https://review.openstack.org/415142
[1] https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:master+topic:bp/add-whitelist-for-server-list-filter-sort-parameters
[3] https://review.openstack.org/425533
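
The behaviour described in the message above, as an added example that is not part of the original message and is not nova code: a stand-alone model of hard versus soft enforcement of the all_tenants check, gated on the request microversion, with the fallback to an overridden deprecated rule. The microversion value, the admin-only default and all function names are assumptions made for illustration.

```python
import warnings

OLD_RULE = "os_compute_api:servers:index:get_all_tenants"  # deprecated, hard
NEW_RULE = "os_compute_api:servers:all_tenants_visible"    # proposed, soft
# Assumption: the message gives no microversion number; this is a placeholder.
SOFT_MICROVERSION = (2, 99)


def is_admin(ctx):
    """Assumed default for the new rule in this model: admin only."""
    return "admin" in ctx["roles"]


def pick_check(overrides):
    """Choose the check for all_tenants. A deployer override of the deprecated
    rule is still honoured, with a warning to move it to the new rule."""
    if OLD_RULE in overrides:
        warnings.warn(f"{OLD_RULE} is deprecated; move the custom rule to "
                      f"{NEW_RULE}", DeprecationWarning, stacklevel=2)
        return overrides[OLD_RULE]
    return overrides.get(NEW_RULE, is_admin)


def list_servers(ctx, servers, all_tenants, microversion, overrides=None):
    """Return (HTTP status, visible servers) for a server-list request."""
    own = [s for s in servers if s["tenant"] == ctx["tenant"]]
    if not all_tenants:
        return 200, own
    if pick_check(overrides or {})(ctx):
        return 200, list(servers)
    if microversion >= SOFT_MICROVERSION:
        return 200, own   # soft enforcement: fall back to the caller's tenant
    return 403, []        # hard enforcement: reject the request


# Constructed sample data.
SERVERS = [{"id": "a1", "tenant": "t1"}, {"id": "b1", "tenant": "t2"}]
USER = {"tenant": "t1", "roles": ["member"]}
ADMIN = {"tenant": "t1", "roles": ["admin"]}

if __name__ == "__main__":
    print(list_servers(USER, SERVERS, True, (2, 1)))        # old microversion
    print(list_servers(USER, SERVERS, True, SOFT_MICROVERSION))
    print(list_servers(ADMIN, SERVERS, True, (2, 1)))
```
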