OpenStack Compute (Nova)

Separate Nova Admin API

Registered by Vish Ishaya on 2011-10-13

Having the admin apis running with regular apis is a bit confusing. The flag to allow admin functions is ugly as well.

Blueprint information

Status:
Complete
Approver:
Vish Ishaya
Priority:
High
Drafter:
Nova API Team
Direction:
Approved
Assignee:
Brian Waldon
Definition:
Approved
Series goal:
Accepted for essex
Implementation:
Implemented
Milestone target:
milestone icon 2012.1
Started by
Brian Waldon on 2011-10-26
Completed by
Vish Ishaya on 2012-01-24

Related branches

Sprints

Whiteboard

Implementing this by adding rbac checking to extensions so we don't actually need separate logic for admin extensions.

It looks like the best approach is to break out each piece of admin api functionality into a separate OpenStack Compute API extension.

Gerrit topic: https://review.openstack.org/#q,topic:bp/separate-nova-adminapi,n,z

Addressed by: https://review.openstack.org/2354
    Creating mechanism that loads Admin API extensions

Is there some info that can be shared on why extensions was chose instead of a separate api? (maybe just some pros/cons)

(bcwaldon) The driving reason is that I didn't want to duplicate code we could get for free by stacking extensions on top of the existing compute api. The extension mechanism is actually designed to handle exactly this case (implementation-driven functionality).

Addressed by: https://review.openstack.org/2528
    Move 'diagnostics' subresource to admin extension

Gerrit topic: https://review.openstack.org/#q,topic:bug/897091,n,z

Addressed by: https://review.openstack.org/2547
    Move 'actions' subresource into extension

Addressed by: https://review.openstack.org/2548
    Make os-server-diagnostics extension admin-only

Addressed by: https://review.openstack.org/2550
    Move createBackup server action into extension

Addressed by: https://review.openstack.org/2584
    Converting accounts resource to admin extension

Addressed by: https://review.openstack.org/2585
    Convering /users to admin extension

Addressed by: https://review.openstack.org/2610
    Converting zones into true extension

Addressed by: https://review.openstack.org/3091
    Policy-check admin actions extension

Addressed by: https://review.openstack.org/3236
    Remove admin_only ext attr in favor of authz

Addressed by: https://review.openstack.org/3376
    Add authorization checks to flavormanage extension

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.