Hi, Dnia wtorek, 27 lutego 2024 21:20:21 CET Satish Patel pisze:
Folks,
I want to disable permission or the horizon button or whatever best way to not allow end users to "Release floating IP" because I want them to stick with assigned IP and not releasing them because of some regulatory process.
Not sure what is the best way to have this level of control. I found neutron policy delete_floatingip: but is this the correct way to implement this policy?
This is good approach to do it in the Neutron. You need to look at the policy of the "update_floatingip" [1]. If You want to forbid only disassociate FIP You can try to add custom policy based on the field value, some example of such policy is done for RBAC API, see [2]. But I never tested something like that so you may need to play with it a bit.
OR
Does Horizon have some level of ACL to remove buttons or disable it?
That I have no idea about. Sorry.
Looking for advice or clues.
Thanks!
[1] https://github.com/openstack/neutron/blob/master/neutron/conf/policies/float... [2] https://github.com/openstack/neutron/blob/master/neutron/conf/policies/rbac.... -- Slawek Kaplonski Principal Software Engineer Red Hat