<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2016-03-03 2:11 GMT+08:00 Matt Riedemann <span dir="ltr"><<a href="mailto:mriedem@linux.vnet.ibm.com" target="_blank">mriedem@linux.vnet.ibm.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5"><br>
<br>
On 3/2/2016 3:02 AM, Zhenyu Zheng wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
Hi, Nova,<br>
<br>
While I'm working on add "changes-since" parameter support for<br>
python-novaclient "list" CLI.<br>
<br>
I realized that non-admin can list all deleted instances using<br>
"changes-since" parameter. This is reasonable in some level, as delete<br>
is an update to instances. But as we have a limitation that when list<br>
instances, deleted parameter is only allowed for admin users.<br>
<br>
This will lead to inconsistent to the rule of show deleted instances, as<br>
we limit the list of deleted instances to admin only, but non-admin can<br>
get the information using changes-since.<br>
<br>
Should we fix this?<br>
<br>
<a href="https://bugs.launchpad.net/nova/+bug/1552071" rel="noreferrer" target="_blank">https://bugs.launchpad.net/nova/+bug/1552071</a><br>
<br>
Thanks,<br>
<br>
Kevin Zheng<br>
<br>
<br></div></div>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
</blockquote>
<br>
Unless I'm missing some use case, I think that listing instances for non-admins should be restricted to the instances they own, regardless of whether or not they are deleted, period.<br></blockquote><div><br></div><div>agree with this. I didn't see a problem showing the deleted instance for non-admins.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
As for listing deleting instances as an admin, that was broken with the 2.16 microversion and there is a fix here:<br>
<br>
<a href="https://review.openstack.org/#/c/283820/" rel="noreferrer" target="_blank">https://review.openstack.org/#/c/283820/</a><span class="HOEnZb"><font color="#888888"><br>
<br>
-- <br>
<br>
Thanks,<br>
<br>
Matt Riedemann<br>
<br>
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</font></span></blockquote></div><br></div></div>