[Openstack] How to setup nova's policy.json ensure only owner can list his instance?

Markus Hentsch markus.hentsch at cloudandheat.com
Mon Jan 8 06:23:01 UTC 2018


Hello,

As far as I am aware, the lowest possible level you can (officially)
reach with the policy files is project-level, not user-level. Some APIs
still provide user-level checks, but those are a thing of the past and
effectively deprecated. The Nova API was migrated to Oslo Policies for API
2.1, where the user-level was removed entirely from the policy
implementation, if I recall correctly.

Kind regards,

Markus Hentsch
Cloud&Heat Technologies


On 08.01.2018 at 06:50, Ying-Chuan Chen wrote:
> Hi guys,
> I want to ensure that only the owner of the instances can list his
> instances.
> I tried to add rules in /etc/openstack-dashboard/nova_policy.json like
> below:
>
> "owner": "user_id:%(user_id)s",
>
> "compute:get": "rule:owner",
>
> But it doesn't work.
> How do I set up a policy to ensure only the owner can list his instances?
> Version: Ocata, OS: CentOS 7.3
>
> Thanks a lot!

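Added example, not part of the original thread and not OpenStack code: a simplified Python model of how an oslo.policy-style generic check evaluates the `owner` rule quoted above. The users, instances and the `can_get`/`list_instances` helpers are constructed, and the list path assumes authorization against the caller's own context followed by a project filter, which is the project-level behaviour the reply describes.

```python
# Simplified model of an oslo.policy-style "kind:match" generic check.
# Not oslo.policy or Nova code; users, instances and helpers are constructed.
RULES = {"owner": "user_id:%(user_id)s", "compute:get": "rule:owner"}  # from the post

ALICE = {"user_id": "alice", "project_id": "proj-1"}
BOB = {"user_id": "bob", "project_id": "proj-1"}  # same project as alice
INSTANCES = [
    {"name": "vm-alice", "user_id": "alice", "project_id": "proj-1"},
    {"name": "vm-bob", "user_id": "bob", "project_id": "proj-1"},
]

def generic_check(rule, target, creds):
    """Fill %(key)s in the match from the target, compare with creds[kind]."""
    kind, match = rule.split(":", 1)
    try:
        expected = match % target
    except KeyError:
        return False  # target has no such attribute, so the check fails
    return kind in creds and str(creds[kind]) == expected

def enforce(rules, action, target, creds):
    rule = rules[action]
    while rule.startswith("rule:"):  # follow rule references
        rule = rules[rule[len("rule:"):]]
    return generic_check(rule, target, creds)

def can_get(creds, instance):
    """Object-level check: the target is the instance being accessed."""
    return enforce(RULES, "compute:get", instance, creds)

def list_instances(creds):
    """Assumed project-level list: authorize once against a target built from
    the caller's own context, then filter results by project only."""
    target = {"user_id": creds["user_id"], "project_id": creds["project_id"]}
    if not enforce(RULES, "compute:get", target, creds):
        return []
    return [i["name"] for i in INSTANCES if i["project_id"] == creds["project_id"]]

if __name__ == "__main__":
    print("bob can get vm-alice:", can_get(BOB, INSTANCES[0]))
    print("bob lists:", list_instances(BOB))
```

When the target is the caller's own context, the `owner` rule compares the user ID with itself and always passes, so in this model it cannot narrow a listing to one user.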