Re: [Openstack-operators] User_id Based Policy Enforcement

2017-01-15 Thread Jerome Pansanel
Dear Hamza,

You may contact the primary assignee to get the status of this feature:
https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/user-id-based-policy-enforcement.html

Best regards,

Jerome Pansanel

On 15/01/2017 at 08:44, Hamza Achi wrote:
> Hello,
> 
> According to this Nova spec of the Newton release [1], the user_id:%(user_id)s
> syntax should work to constrain some operations to user_id instead of
> project_id, like deleting and rebuilding VMs.
> 
> But it is not working: users within the same project can delete,
> rebuild... the VMs of each other. I added these rules in
> /etc/nova/policy.json (I used the devstack stable/newton branch):
> 
> "admin_required": "role:admin or is_admin:1",
> "owner" : "user_id:%(user_id)s",
> "admin_or_owner": "rule:admin_required or rule:owner",
> "compute:delete": "rule:admin_or_owner",
> "compute:resize": "rule:admin_or_owner",
> "compute:rebuild": "rule:admin_or_owner",
> "compute:reboot": "rule:admin_or_owner",
> "compute:start": "rule:admin_or_owner",
> "compute:stop": "rule:admin_or_owner"
> 
> 
> Can you please point out what I am missing?
> 
> Thank you,
> Hamza
> 
> 
> [1] https://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/user-id-based-policy-enforcement.html
> 
> 
> ___
> OpenStack-operators mailing list
> OpenStack-operators@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
> 


-- 
Jerome Pansanel, PhD
Technical Director at France Grilles
Grid & Cloud Computing Operations Manager at IPHC
IPHC||  GSM: +33 (0)6 25 19 24 43
23 rue du Loess, BP 28  ||  Tel: +33 (0)3 88 10 66 24
F-67037 STRASBOURG Cedex 2  ||  Fax: +33 (0)3 88 10 62 34



Re: [Openstack-operators] User_id Based Policy Enforcement

2017-01-15 Thread Massimo Sgaravatto
Maybe this is relevant?

https://bugs.launchpad.net/nova/+bug/1539351

In our Mitaka installation we had to keep using the v2.0 API to be able to use
user_id in the policy file ...

I don't know if there are better solutions ...

Cheers, Massimo

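As an added illustration (not code from the thread, nova, or oslo.policy), the following mirrors how a user_id:%(user_id)s owner rule such as the one quoted above is evaluated: the %(user_id)s placeholder is filled from the target the enforcement point passes in, and compared with the caller's credentials. The rule names are the ones from the quoted policy.json; the evaluator semantics, user names and instance dicts are constructed assumptions, and it only supports "or" expressions, which is all the quoted rules use.

```python
from typing import Any, Dict

# Constructed from the policy.json fragment quoted in the thread (subset of operations).
POLICY: Dict[str, str] = {
    "admin_required": "role:admin or is_admin:1",
    "owner": "user_id:%(user_id)s",
    "admin_or_owner": "rule:admin_required or rule:owner",
    "compute:delete": "rule:admin_or_owner",
    "compute:rebuild": "rule:admin_or_owner",
}


def _atom(atom: str, creds: Dict[str, Any], target: Dict[str, Any]) -> bool:
    """Evaluate one 'kind:match' term (assumed to follow oslo.policy's check semantics)."""
    kind, _, match = atom.partition(":")
    if kind == "rule":                        # reference to another named rule
        return enforce(match, creds, target)
    if kind == "role":                        # role:admin -> 'admin' in creds['roles']
        return match in creds.get("roles", [])
    try:                                      # generic check: %(key)s is taken from the target
        match = match % target
    except KeyError:                          # the target never carried that key: no match
        return False
    if kind not in creds:
        return False
    return str(creds[kind]) == match          # string comparison, so is_admin:1 needs a "1"


def enforce(rule: str, creds: Dict[str, Any], target: Dict[str, Any]) -> bool:
    """Evaluate a named rule; only 'or' is supported, which the quoted rules rely on."""
    return any(_atom(t.strip(), creds, target) for t in POLICY[rule].split(" or "))


def can_delete(creds: Dict[str, Any], target: Dict[str, Any]) -> bool:
    return enforce("compute:delete", creds, target)


# Constructed sample credentials: two members of the same project and an admin.
ALICE = {"user_id": "u-alice", "project_id": "p-1", "roles": ["member"], "is_admin": False}
BOB = {"user_id": "u-bob", "project_id": "p-1", "roles": ["member"], "is_admin": False}
ADMIN = {"user_id": "u-root", "project_id": "p-admin", "roles": ["admin"], "is_admin": True}
# Constructed targets: the same instance, with and without its owner's user_id.
ALICE_VM = {"user_id": "u-alice", "project_id": "p-1"}
ALICE_VM_NO_USER = {"project_id": "p-1"}   # what a project-only enforcement point would pass

if __name__ == "__main__":
    print("alice deletes own VM:", can_delete(ALICE, ALICE_VM))          # True
    print("bob deletes alice's VM:", can_delete(BOB, ALICE_VM))          # False
    print("admin deletes alice's VM:", can_delete(ADMIN, ALICE_VM))      # True
    print("owner, target lacks user_id:", can_delete(ALICE, ALICE_VM_NO_USER))  # False
```

The last case is the check worth making when a user_id rule behaves unexpectedly: the rule can only ever match if the enforcement point actually puts the instance's user_id into the target dict.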