[Openstack-operators] [ceilometer][keystone][billing] RBAC restrictions of Ceilometer's Event API prevents billing of Openstack cloud

gord chung Fri, 18 Dec 2015 07:29:04 -0800

See the commit that just merged:

https://review.openstack.org/#/c/240719/



You could create a role called "observer" or "auditor" on the admin
project, and modify the policy files for the services you want so that
users with "auditor" with tokens that have "is_admin_project" set   can
read the data for that API.

Can you enumerate the APIS you want to call this way?

this will probably need a patch in ceilometer. it currently isconfigured to limit results to a matching project of user. if thisfunctionality is required, you should raise it on dev list or as a bug.


cheers,

--
gord

_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

[Openstack-operators] [ceilometer][keystone][billing] RBAC restrictions of Ceilometer's Event API prevents billing of Openstack cloud

Reply via email to