[Openstack-operators] [ceilometer][keystone][billing] RBAC restrictions of Ceilometer's Event API prevents billing of Openstack cloud

gord chung gord at live.ca
Fri Dec 18 15:24:18 UTC 2015


> See the commit that just merged:
>
> https://review.openstack.org/#/c/240719/
>
>
> You could create a role called "observer" or "auditor" on the admin
> project, and modify the policy files for the services you want so that
> users with "auditor" with tokens that have "is_admin_project" set   can
> read the data for that API.
>
> Can you enumerate the APIS you want to call this way?
this will probably need a patch in ceilometer. it currently is 
configured to limit results to a matching project of user. if this 
functionality is required, you should raise it on dev list or as a bug.

cheers,

-- 
gord

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20151218/8132cf7c/attachment.html>


More information about the OpenStack-operators mailing list