[openstack-dev] [manila][python-manilaclient] Should we really be tagging "admin" CLIs?

Ravi, Goutham Goutham.Ravi at netapp.com
Wed Mar 2 16:07:39 UTC 2016

Hi Manila community,

This is regarding the "bug": https://bugs.launchpad.net/python-manilaclient/+bug/1457155 in the python-manilaclient.
A commit was made for this and it merged yesterday: https://github.com/openstack/python-manilaclient/commit/37f2e50bd433149b893d30a478947f3e17f928e9 (<https://review.openstack.org/264110>https:/<https://review.openstack.org/264110>/review.<https://review.openstack.org/264110>openstack.<https://review.openstack.org/264110>org/264110<https://review.openstack.org/264110>)

I disagree with the approach in this patch. I feel this bug is invalid. Deployers have a way to modify policies in "policy.json" as with any other OpenStack project. It would be extremely confusing to see this "Admin Only" added to certain commands that we think will be "admin only" (as defined in the "default" policy.json). Essentially, ANY API we build can be exposed to the user (or some users); or administrators; as determined by the deployer.

IMHO, assuming that policies can change, we shouldn't hard code "admin only" as help text. Allow the manila-api service  to respond to a request with a  403 if it deems fit; it can see the policy file and works with it. That's correct behavior, as is.

I feel we should revert this change in Mitaka before the feature freeze.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160302/4f15b31b/attachment.html>

More information about the OpenStack-dev mailing list