Hi,

Dnia wtorek, 27 lutego 2024 21:20:21 CET Satish Patel pisze:

> Folks,

>

> I want to disable permission or the horizon button or whatever best way to

> not allow end users to "Release floating IP" because I want them to stick

> with assigned IP and not releasing them because of some regulatory process.

>

> Not sure what is the best way to have this level of control. I found

> neutron policy delete_floatingip: but is this the correct way to

> implement this policy?

This is good approach to do it in the Neutron. You need to look at the policy of the "update_floatingip" [1]. If You want to forbid only disassociate FIP You can try to add custom policy based on the field value, some example of such policy is done for RBAC API, see [2]. But I never tested something like that so you may need to play with it a bit.

>

> OR

>

> Does Horizon have some level of ACL to remove buttons or disable it?

That I have no idea about. Sorry.

>

> Looking for advice or clues.

>

> Thanks!

>

[1] https://github.com/openstack/neutron/blob/master/neutron/conf/policies/floatingip.py#L106

[2] https://github.com/openstack/neutron/blob/master/neutron/conf/policies/rbac.py#L58

--

Slawek Kaplonski

Principal Software Engineer

Red Hat