[rhos-list] Control Access to instance termination
Kumar Vaibhav
vaibhav.k.agarwal at in.com
Tue Apr 2 06:03:15 UTC 2013
Hi,This doesn't works. As I am not able to restrict the content to be userid based.Need to do some code changes in getall function.Regards,Vaibhav Original message From:"Eoghan Glynn"< eglynn at redhat.com >Date: 26 Mar 13 20:29:46Subject: Re: [rhoslist] Control Access to instance terminationTo: Kumar Vaibhav Cc: rhoslist > > Hi,> > > > Thanks for the help.> > This seems to solve one part of my problem of changing the state of> > the instance.> > A user cannot delete the other users' instance.> > Great.>> > However the listing problem still continues to exist. I checked the> > logs and found that getall access control is possible by using the> > policy.json. But getall function itself uses the filter of> > 'projectid' from the context. So other part seems to be difficult.> > I'm sure I see the problem here, as nova.compute.api.API.getalls/I'm sure/I'm not sure/> bases its policy enforcement check on a target that includes both> the projectid *and* userid:> > https://github.com/o
penstack/nova/blob/stable/folsom/nova/compute/api.py#L1116> > So it seems to me that a rule based on userid would be applicable> in this case also. Again I've just done a quick test against master,> please let me know if the behavior you're seeing with your version> of RHOS is different.> > Cheers,> Eoghan> >> > Regards,> > Vaibhav> > > > Original message > > > > > > From:"Eoghan Glynn"< eglynn at redhat.com >> > Date: 25 Mar 13 22:08:26> > Subject: Re: [rhoslist] Control Access to instance termination> > To: Kumar Vaibhav > > Cc: rhoslist > > > > > > > > > or using the older syntax:> > > > > > [["role:admin"], ["role:projectadmin",> > > "projectid:%(projectid)s"]], ["userid:%(userid)s"]]> > > > Typo:> > > > [["role:admin"], ["role :projectadmin",> > "projectid:%(projectid)s"], ["userid:%(userid)s"]]> > > > > > > > > > Get Yourself a cool, short @in.com Email ID now!> > > rhoslist mailing list> rhoslist at redhat.com> https://www.redhat.com/mailman/listinfo/rhoslist> Get Yourself
a cool, short @in.com Email ID now!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhos-list/attachments/20130402/e03f756c/attachment.htm>
More information about the rhos-list
mailing list