[openstack-dev] [manila][python-manilaclient] Should we really be tagging "admin" CLIs?
Ravi, Goutham
Goutham.Ravi at netapp.com
Wed Mar 2 16:36:57 UTC 2016
Sure, I meant, we shouldn't leave this in the client going into Newton.
Thanks,
Goutham
From: Rodrigo Barbieri <rodrigo.barbieri2010 at gmail.com<mailto:rodrigo.barbieri2010 at gmail.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: Wednesday, March 2, 2016 at 11:32 AM
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: Re: [openstack-dev] [manila][python-manilaclient] Should we really be tagging "admin" CLIs?
+1.
But I do not think we should necessarily do this before FF.
On Wed, Mar 2, 2016 at 1:07 PM, Ravi, Goutham <Goutham.Ravi at netapp.com<mailto:Goutham.Ravi at netapp.com>> wrote:
Hi Manila community,
This is regarding the "bug": https://bugs.launchpad.net/python-manilaclient/+bug/1457155 in the python-manilaclient.
A commit was made for this and it merged yesterday: https://github.com/openstack/python-manilaclient/commit/37f2e50bd433149b893d30a478947f3e17f928e9 (<https://review.openstack.org/264110>https:/<https://review.openstack.org/264110>/review.<https://review.openstack.org/264110>openstack.<https://review.openstack.org/264110>org/264110<https://review.openstack.org/264110>)
I disagree with the approach in this patch. I feel this bug is invalid. Deployers have a way to modify policies in "policy.json" as with any other OpenStack project. It would be extremely confusing to see this "Admin Only" added to certain commands that we think will be "admin only" (as defined in the "default" policy.json). Essentially, ANY API we build can be exposed to the user (or some users); or administrators; as determined by the deployer.
IMHO, assuming that policies can change, we shouldn't hard code "admin only" as help text. Allow the manila-api service to respond to a request with a 403 if it deems fit; it can see the policy file and works with it. That's correct behavior, as is.
I feel we should revert this change in Mitaka before the feature freeze.
Thoughts?
Thanks,
Goutham
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
--
Rodrigo Barbieri
Computer Scientist
OpenStack Manila Contributor
Federal University of São Carlos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160302/c252e4be/attachment.html>
More information about the OpenStack-dev
mailing list