[Openstack-operators] Modification in nova policy file
Salman Toor
salman.toor at it.uu.se
Tue May 5 15:01:29 UTC 2015
Hi,
I am trying to set up the policies for nova. Can you please have a look if that's correct?
nova/policy.json
————————————————————————————————
"context_is_admin": "role:admin",
"admin_or_owner": "is_admin:True or project_id:%(project_id)s",
"owner": "user_id:%(user_id)s",
"admin_or_user": "is_admin:True or user_id:%(user_id)s",
"default": "rule:admin_or_owner",
"compute:get_all": "rule:admin_or_user",
————————————————————————————————
I want users to only see their own instances, not the instances of all the users in the same tenant.
I have restarted the nova-api service on the controller, but no effect. I have noticed that if I put "rule:context_is_admin" in "compute:get_all" then except "admin" no one can see anything, so the system is reading the file correctly.
Important:
1 - I haven’t changed the /etc/openstack-dashboard/nova_policy.json
2 - I have only used the command line client tool to confirm the behaviour.
I am running Juno release.
Please point to a document that discusses all the policy parameters.
Thanks in advance.
/Salman
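
Added example, not part of the original post and not nova's policy engine: a simplified evaluator for the rule syntax in the policy.json excerpt above, showing that each rule is a yes/no check of the caller's credentials against a target. The callers, their ids and the `own_target` helper are constructed, and that the list call is checked against the caller's own ids is an assumption.

```python
# Simplified evaluator for the rule syntax in the post (not nova's own code).
# Supports only: "or", "rule:<name>", "role:<name>", "<cred_key>:<value or %(key)s>".
POLICY = {  # rules copied from the post
    "context_is_admin": "role:admin",
    "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
    "owner": "user_id:%(user_id)s",
    "admin_or_user": "is_admin:True or user_id:%(user_id)s",
    "default": "rule:admin_or_owner",
    "compute:get_all": "rule:admin_or_user",
}

def check(rule_text, target, creds, policy=POLICY):
    """Return True if any 'or' alternative of rule_text matches."""
    return any(_check_one(part.strip(), target, creds, policy)
               for part in rule_text.split(" or "))

def _check_one(part, target, creds, policy):
    kind, _, match = part.partition(":")
    if kind == "rule":                       # reference to another named rule
        return check(policy[match], target, creds, policy)
    if kind == "role":                       # case-insensitive role membership
        return match.lower() in (r.lower() for r in creds.get("roles", []))
    try:
        expected = match % target            # fill %(key)s from the target dict
    except KeyError:
        return False                         # target lacks the field: no match
    return str(creds.get(kind)) == expected  # compare with caller credentials

def enforce(action, target, creds, policy=POLICY):
    """Yes/no decision for an action; falls back to the 'default' rule."""
    return check(policy.get(action, policy["default"]), target, creds, policy)

# Constructed callers: two members of one tenant and an admin.
ALICE = {"user_id": "u-alice", "project_id": "p-1", "roles": ["member"], "is_admin": False}
BOB = {"user_id": "u-bob", "project_id": "p-1", "roles": ["member"], "is_admin": False}
ADMIN = {"user_id": "u-admin", "project_id": "p-0", "roles": ["admin"], "is_admin": True}

def own_target(creds):
    # Assumption: the list call is checked against the caller's own ids.
    return {"user_id": creds["user_id"], "project_id": creds["project_id"]}

if __name__ == "__main__":
    for who in (ALICE, BOB, ADMIN):
        print(who["user_id"], enforce("compute:get_all", own_target(who), who))
    # With another user's ids as the target, user_id:%(user_id)s denies.
    print(enforce("compute:get_all", own_target(BOB), ALICE))
```

Under that assumption every caller passes `rule:admin_or_user`, while `rule:context_is_admin` passes only for the admin role; the evaluator returns an allow/deny decision and does not filter a result list.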