Proposal for Changing index request project_id filter
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
octavia |
New
|
Undecided
|
Unassigned |
Bug Description
From the past to today, it seems that Octavia has a different project_id filter process than other Openstack services (Nova, Cinder, ETC).
According to the documentation at https:/
However, the implementation of the List API is different from Nova.
First, Octavia is calling the filter calculation method from a single list api entry point.
(https:/
Next, if the RBAC_GET_ALL_GLOBAL Rule is allowed, no project_id filter is added for the current context.
(https:/
Alternatively, RBAC_GET_ALL_GLOBAL rules must be disallowed, but check for the presence of RBAC_GET_ALL rules by referencing the project_id of the context.
(https:/
I consider the all_global action of admin to be optionally supported, and I think there should be a functional delimiter of “all_tenants” similar to Nova, what do you think?
I'm not comfortable with contexts with admin roles causing mistakes or only looking at the context's project loadbalancer.
I think it would be fun to do a feature together if you don't mind.
description: | updated |
summary: |
- Proposal for Changing index request project filter + Proposal for Changing index request project_id filter |
description: | updated |
description: | updated |
description: | updated |