non-admins should be able to list their deleted instances

Registered by Matt Riedemann

Listing deleted instances is admin only, but it's not clear why non-admins can't list deleted instances in their own project/tenant. This should be policy driven so that non-admins can list the deleted instances in their project.

It doesn't fail, it just doesn't return anything:

stack@archive:~/devstack$ nova list --deleted
+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+

That's because of this code:

https://github.com/openstack/nova/blob/12.0.0/nova/api/openstack/compute/servers.py#L1114-L1121

That's the list of options a non-admin can search by, and since 'deleted' isn't in there, it's filtered out and we are just querying for nothing since all of the tenant instances are deleted.

This is slightly different but very explicit:

https://github.com/openstack/nova/blob/12.0.0/nova/api/openstack/compute/servers.py#L335-L340

Results in:

stack@archive:~/devstack$ nova list --deleted --status 'deleted'
ERROR (Forbidden): Only administrators may list deleted instances (HTTP 403) (Request-ID: req-fb8ed625-2f2d-45ff-87cd-b5571cdf1dac)
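
The two behaviours above, next to a policy-driven alternative, as an added sketch that is not nova's code: the allowlist contents, the Context fields, the can_list_deleted rule and both function names are hypothetical, and the "hide deleted by default" step is an assumption. The point it shows is that allowing 'deleted' for non-admins only stays safe if the project scope is still forced server-side.

```python
from dataclasses import dataclass

# Constructed allowlist standing in for the non-admin search options.
NON_ADMIN_OPTS = {"name", "status", "image", "flavor", "ip", "changes-since"}


class Forbidden(Exception):
    """Stands in for the HTTP 403 response."""


@dataclass
class Context:
    project_id: str
    is_admin: bool = False
    can_list_deleted: bool = False  # hypothetical policy rule result


def _scope(ctx, opts, allowed):
    """Drop options outside the allowlist and pin the caller's project."""
    opts = {k: v for k, v in opts.items() if k in allowed}
    opts["project_id"] = ctx.project_id  # caller-supplied scope is discarded
    return opts


def filter_opts_current(ctx, opts):
    """Behaviour the page describes: 'deleted' is dropped or refused."""
    opts = dict(opts) if ctx.is_admin else _scope(ctx, opts, NON_ADMIN_OPTS)
    if opts.get("status") == "deleted" and not ctx.is_admin:
        raise Forbidden("Only administrators may list deleted instances")
    opts.setdefault("deleted", False)  # assumed default: hide deleted rows
    return opts


def filter_opts_policy(ctx, opts):
    """Proposed behaviour: a policy rule decides, scope is still forced."""
    wants_deleted = bool(opts.get("deleted")) or opts.get("status") == "deleted"
    if wants_deleted and not (ctx.is_admin or ctx.can_list_deleted):
        raise Forbidden("Policy does not allow listing deleted instances")
    if ctx.is_admin:
        opts = dict(opts)
    else:
        opts = _scope(ctx, opts, NON_ADMIN_OPTS | {"deleted"})
    opts["deleted"] = wants_deleted
    return opts
```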

Blueprint information

Status: Not started
Approver: None
Priority: Undefined
Drafter: Matt Riedemann
Direction: Needs approval
Assignee: None
Definition: Discussion
Series goal: None
Implementation: Unknown
Milestone target: None

Whiteboard

We might not actually want to do this since at the Vancouver summit for Liberty we said we want to eventually stop soft deleting things, and that starts by disabling it in the API. So if that's the goal, we shouldn't be exposing more deleted things to be read from the API.

