Re: [openstack-dev] [nova] Server Group API: add 'action' to authorizer?

2014-08-25 Thread Alex Xu

On 2014-08-23 18:29, Christopher Yeoh wrote:

On Sat, 23 Aug 2014 03:56:27 -0500
Joe Cropper cropper@gmail.com wrote:


Hi Folks,

Would anyone be opposed to adding the 'action' checking to the v2/v3
authorizers?  This would allow administrators more fine-grained
control over who can read vs. create/update/delete server groups.

Thoughts?

If folks are supportive, I'd be happy to add this... but not sure if
we'd treat this as a 'bug' or whether there is a blueprint under which
this could be done?

Long term we want to have a separate authorizer for every method. Alex
had a nova-spec proposed for this but it unfortunately did not make
Juno

https://review.openstack.org/#/c/92326/

Also since the feature proposal deadline has passed it'll have to wait
till Kilo.


Yes, that spec proposes adding a policy rule for each API to get more
fine-grained control. But we have to wait till the K release.




Chris

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


[openstack-dev] [nova] Server Group API: add 'action' to authorizer?

2014-08-23 Thread Joe Cropper
Hi Folks,

Would anyone be opposed to adding the 'action' checking to the v2/v3
authorizers?  This would allow administrators more fine-grained
control over who can read vs. create/update/delete server groups.

Thoughts?

If folks are supportive, I'd be happy to add this... but not sure if
we'd treat this as a 'bug' or whether there is a blueprint under which
this could be done?

Thanks,
Joe


Re: [openstack-dev] [nova] Server Group API: add 'action' to authorizer?

2014-08-23 Thread Christopher Yeoh
On Sat, 23 Aug 2014 03:56:27 -0500
Joe Cropper cropper@gmail.com wrote:

 Hi Folks,
 
 Would anyone be opposed to adding the 'action' checking to the v2/v3
 authorizers?  This would allow administrators more fine-grained
 control over who can read vs. create/update/delete server groups.
 
 Thoughts?
 
 If folks are supportive, I'd be happy to add this... but not sure if
 we'd treat this as a 'bug' or whether there is a blueprint under which
 this could be done?

Long term we want to have a separate authorizer for every method. Alex
had a nova-spec proposed for this but it unfortunately did not make
Juno

https://review.openstack.org/#/c/92326/

Also since the feature proposal deadline has passed it'll have to wait
till Kilo.

Chris
