[openstack-dev] [Nova] Get-validserver-state default policy
Juvonen, Tomi (Nokia - FI/Espoo)
tomi.juvonen at nokia.com
Fri Jan 15 07:55:41 UTC 2016
>From: EXT Jay Pipes [mailto:jaypipes at gmail.com]
>Sent: Friday, January 15, 2016 9:25 AM
>To: openstack-dev at lists.openstack.org
>Subject: Re: [openstack-dev] [Nova] Get-validserver-state default policy
>On 01/15/2016 01:50 AM, Juvonen, Tomi (Nokia - FI/Espoo) wrote:
>> This API change was agreed is the spec review to be "rule:
>> admin_or_owner", but during code review "rule: admin_api" was also wanted.
>> Link to spec to see details what this is about
>> In my deployment where this is crucial information for the owner, this
>> will certainly be "admin_or_owner". The question is now what is the
>> general feeling about the default value in policy.json and should it
>> just be as agreed in spec or should it be changed still.
>The host state is NOT something that a regular cloud user should be able
>to query, IMHO. Only admins should be able to see anything about the
>underlying compute hardware.
>Exposing hardware information and statuses out through the REST API is a
>bad leak of implementation.
Jay, yes agreed in code review. The question just rose again as the code change was against spec. I guess the spec can still be revisited. I have a small bit to spec anyhow, so can make "rule: admin_api" at the same :)
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
More information about the OpenStack-dev