OpenStack Dashboard (Horizon)

update Horizon's nova enforce policies to use latest api rules

Registered by Yaguang Tang

Right now Horizon still use the old nova policy rules ("compute:create": "rule:admin_or_owner") to check api policy, but these API policies doesn't exist any more, so it's inconsistent between horizon and nova policies. this blueprint's goal is to update Horizon to use latest Nova policies for api validation in code.

current outdated policies used in horizon codebase.

    "compute:create": "rule:admin_or_owner",
    "compute:create:attach_network": "rule:admin_or_owner",
    "compute:create:attach_volume": "rule:admin_or_owner",
    "compute:create:forced_host": "is_admin:True",

Nova's policies

    "os_compute_api:servers:create": "rule:admin_or_owner",
    "os_compute_api:servers:create:attach_network": "rule:admin_or_owner",
    "os_compute_api:servers:create:attach_volume": "rule:admin_or_owner",
    "os_compute_api:servers:create:forced_host": "rule:admin_api",
    "os_compute_api:servers:delete": "rule:admin_or_owner",
    "os_compute_api:servers:update": "rule:admin_or_owner",

Blueprint information

Status:
Complete
Approver:
Rob Cresswell
Priority:
Medium
Drafter:
Yaguang Tang
Direction:
Approved
Assignee:
Yaguang Tang
Definition:
Approved
Series goal:
Accepted for 12.0.0-pike
Implementation:
Implemented
Milestone target:
milestone icon pike-1
Started by
Rob Cresswell
Completed by
David Lyle

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/update-nova-enforce-policies,n,z

Addressed by: https://review.openstack.org/352094
    Update Horizon to use latest nova policy rules for validation

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.