On 02/20/2017 11:17 AM, Markus Hentsch wrote:
> On 20.02.2017 at 10:01, Vincent Gatignol wrote:
>> On 20/02/2017 at 09:20, Markus Hentsch wrote:
>>> Hello,
>>>
>>> I'm running a Newton setup where I'm trying to restrict the volume
>>> attachment actions using Nova's policy file.
>>>
>>> I want to check for both the VM ownership as well as the volume
>>> ownership, so that users should be unable to attach volumes if they
>>> aren't the owner of both the VM and the volume.
>>>
>> This is related to https://bugs.launchpad.net/nova/+bug/1539351
>> Openstack policies are mapped at the tenant/project level, not user
>>
>> Regards,
>> Vincent
> Dear Vincent,
>
> thanks for clarifying this!
>
>
> Kind regards,
>
> Markus Hentsch
> Cloud&Heat Technologies
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : [email protected]
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>

AFAIK the use of user_id was merged back in until keystone has the support.
See this spec that was merged in Newton.

http://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/user-id-based-policy-enforcement.html
https://review.openstack.org/#/q/topic:bp/user_id_based_policy_enforcement,n,z
