Forbid deletion of locked servers

Registered by int32bit on 2016-11-08

We frequently tag some servers as **very very important**, and we need a
mechanism to protect them by forbidding deletion and any other actions. In
addition, we should provide a way to avoid accidental deletion through a
mistaken operation. However, we currently have no way to achieve this.

The `disable_terminate` field can forbid deleting a server via the public API,
but it exists only for the EC2-compatible API, and we have no API to set this
field. It may be removed from the DB in the future.

A lock may be a good start. A non-admin user can't perform any action on a
locked server, just as we expect. But it is a great pity that the admin user
can simply ignore the lock. In other words, the lock is meaningless for the
admin user.

We should strengthen the lock function so that it also works for the admin
user, for the following reasons:

1. The admin user always has global privileges by default and can delete any
   server in any project, which is dangerous.

2. We may tag some servers as immutable, and we don't want any user to perform
   any action on these servers.

3. Admins often use scripts for bulk operations, which may lead to accidental
   deletion.

Blueprint information

* Status: Not started
* Approver: None
* Priority: Undefined
* Drafter: int32bit
* Direction: Needs approval
* Assignee: int32bit
* Definition: New
* Series goal: None
* Implementation: Unknown
* Milestone target: None
