Compute services (os-services) API not granular enough by policy and code
Bug #1778994 reported by Rick Bartra
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Confirmed | Wishlist | Unassigned |
Bug Description
The Nova Compute services (os-services) API is not granular enough in the sense that multiple APIs check the same policy action for list, update, and delete. This does not allow operators with strict security requirements to have different roles that can perform certain APIs but not others - it currently is all or nothing. As it currently stands, listing, updating, and deleting compute services checks the single policy action 'os_compute_
Changed in nova:
assignee: nobody → Rick Bartra (rb560u)
Changed in nova:
importance: Undecided → Wishlist
status: In Progress → Confirmed
assignee: Rick Bartra (rb560u) → nobody
Fix proposed to branch: master
Review: https://review.openstack.org/578553