[openstack-dev] [heat] [horizon] why is heat service-list limited to 'admin project?

Akihiro Motoki Wed, 21 Sep 2016 00:33:07 -0700

Hi,

The default policy.json provided by heat limits 'service-list' API to
'admin' project like below.
Is there any reason 'admin' role user in non-'admin' project cannot
see service-list?


   "service:index": "rule:context_is_admin",
    "context_is_admin": "role:admin and is_admin_project:True",

I noticed this when investigating a horizon bug
https://bugs.launchpad.net/horizon/+bug/1624834.
horizon currently has a bit different policy engine and it does not
support is_admin_project:True.
We would like to know the background of this default configuration.

Thanks,
Akihiro

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [heat] [horizon] why is heat service-list limited to 'admin project?

Reply via email to