[Openstack-operators] ocata nova /etc/nova/policy.json

iain MacDonnell iain.macdonnell at oracle.com
Thu Sep 6 14:41:21 UTC 2018



On 09/06/2018 06:31 AM, Ignazio Cassano wrote:
> I installed openstack ocata on centos and I saw /etc/nova/policy.json 
> coontains the following:
> {
> }
> 
> I created an instance in a a project "admin" with user admin that 
> belogns to admin project
> 
> I created a demo project with a user demo with "user" role.
> 
> Using command lines (openstack server list --all-projects) the user demo 
> can list the admin instances and can also delete one of them.
> 
> I think this is a bug and a nova policy.json must be created with some 
> rules for avoiding the above.

See 
https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/policy-in-code.html

You have something else going on ...

     ~iain






More information about the OpenStack-operators mailing list