Extract "create", "update", and "delete" /baymodels operations into extension

Registered by Jamie Hannaford on 2016-02-11

With the increased usage of Magnum, questions have started to be raised about the scope of Magnum's API. One of the areas that has seen a lot of debate is Bay Models: many people think offering every user the ability to create, update and delete bay models is an unnecessary and potentially dangerous component of the API.

Although Bay Models should certainly exist as an API resource and serve as the parent resource of bays, it is not satisfactory to allow every user to mutate them. For this reason, the following operations should be removed from the core API and placed into an admin extension:

- create bay model
- update bay model
- delete bay model

This solution would still allow operators and administrators to use these operations, but disallow the majority of users from engaging in potentially harmful, destructive operations. This solution has been adopted by other OpenStack services, notably Keystone.

The following operations would remain in the core API:

- list bay models
- get bay model

Blueprint information

Status:
Not started
Approver:
Adrian Otto
Priority:
Undefined
Drafter:
Jamie Hannaford
Direction:
Approved
Assignee:
None
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

This can be addressed using a custom cluster driver.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.