Separate Nova Admin API
Having the admin apis running with regular apis is a bit confusing. The flag to allow admin functions is ugly as well.
Blueprint information
- Status:
- Complete
- Approver:
- Vish Ishaya
- Priority:
- High
- Drafter:
- Nova API Team
- Direction:
- Approved
- Assignee:
- Brian Waldon
- Definition:
- Approved
- Series goal:
- Accepted for essex
- Implementation:
-
Implemented
- Milestone target:
-
2012.1
- Started by
- Brian Waldon
- Completed by
- Vish Ishaya
Related branches
Related bugs
Sprints
Whiteboard
Implementing this by adding rbac checking to extensions so we don't actually need separate logic for admin extensions.
It looks like the best approach is to break out each piece of admin api functionality into a separate OpenStack Compute API extension.
Gerrit topic: https:/
Addressed by: https:/
Creating mechanism that loads Admin API extensions
Is there some info that can be shared on why extensions was chose instead of a separate api? (maybe just some pros/cons)
(bcwaldon) The driving reason is that I didn't want to duplicate code we could get for free by stacking extensions on top of the existing compute api. The extension mechanism is actually designed to handle exactly this case (implementation
Addressed by: https:/
Move 'diagnostics' subresource to admin extension
Gerrit topic: https:/
Addressed by: https:/
Move 'actions' subresource into extension
Addressed by: https:/
Make os-server-
Addressed by: https:/
Move createBackup server action into extension
Addressed by: https:/
Converting accounts resource to admin extension
Addressed by: https:/
Convering /users to admin extension
Addressed by: https:/
Converting zones into true extension
Addressed by: https:/
Policy-check admin actions extension
Addressed by: https:/
Remove admin_only ext attr in favor of authz
Addressed by: https:/
Add authorization checks to flavormanage extension
