[openstack-dev] [Nova] Get-validserver-state default policy

Juvonen, Tomi (Nokia - FI/Espoo) tomi.juvonen at nokia.com
Fri Jan 15 07:55:41 UTC 2016

>-----Original Message-----
>From: EXT Jay Pipes [mailto:jaypipes at gmail.com] 
>Sent: Friday, January 15, 2016 9:25 AM
>To: openstack-dev at lists.openstack.org
>Subject: Re: [openstack-dev] [Nova] Get-validserver-state default policy
>On 01/15/2016 01:50 AM, Juvonen, Tomi (Nokia - FI/Espoo) wrote:
>> This API change was agreed is the spec review to be "rule:
>> admin_or_owner", but during code review "rule: admin_api" was also wanted.
>> Link to spec to see details what this is about
>> (https://review.openstack.org/192246/):
>> _http://specs.openstack.org/openstack/nova-specs/specs/mitaka/approved/get-valid-server-state.html_
>> In my deployment where this is crucial information for the owner, this
>> will certainly be "admin_or_owner". The question is now what is the
>> general feeling about the default value in policy.json and should it
>> just be as agreed in spec or should it be changed still.
>The host state is NOT something that a regular cloud user should be able 
>to query, IMHO. Only admins should be able to see anything about the 
>underlying compute hardware.
>Exposing hardware information and statuses out through the REST API is a 
>bad leak of implementation.

Jay, yes agreed in code review. The question just rose again as the code change was against spec. I guess the spec can still be revisited. I have a small bit to spec anyhow, so can make "rule: admin_api"  at the same :)



OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe

More information about the OpenStack-dev mailing list