Public bug reported: - [x] This doc is inaccurate in this way:
https://developer.openstack.org/api-ref/compute/?expanded=list-servers- detail#list-servers The GET /servers and GET /servers/detail entries say: """ - For non-admin users, whitelist is different from admin users whitelist. Valid whitelist for non-admin users includes - ``all_tenants`` """ However, all_tenants is admin-only by default policy: https://docs.openstack.org/nova/latest/configuration/policy.html os_compute_api:servers:index:get_all_tenants Default rule:admin_api Operations GET /servers List all servers for all projects os_compute_api:servers:detail:get_all_tenants Default rule:admin_api Operations GET /servers/detail The confusion is probably due to this code: https://github.com/openstack/nova/blob/ec51f9311cf5de740bd624065684a0bda93c6f2c/nova/api/openstack/compute/servers.py#L1216 That allows the all_tenants parameter for non-admins at first, but then it's removed from the list later and checked against policy: https://github.com/openstack/nova/blob/ec51f9311cf5de740bd624065684a0bda93c6f2c/nova/api/openstack/compute/servers.py#L277 Note that it's also not listed in the API guide for non-admins: https://developer.openstack.org/api-guide/compute/server_concepts.html #server-query ----------------------------------- Release: 19.1.0.dev329 on 2019-03-26 18:09:01 SHA: ec51f9311cf5de740bd624065684a0bda93c6f2c Source: https://opendev.org/openstack/nova/src/api-ref/source/index.rst URL: https://developer.openstack.org/api-ref/compute/ ** Affects: nova Importance: Medium Status: Triaged ** Tags: api-ref -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1828042 Title: Compute API in nova - all_tenants listed in non-admin query params set Status in OpenStack Compute (nova): Triaged Bug description: - [x] This doc is inaccurate in this way: https://developer.openstack.org/api-ref/compute/?expanded=list- servers-detail#list-servers The GET /servers and GET /servers/detail entries say: """ - For non-admin users, whitelist is different from admin users whitelist. Valid whitelist for non-admin users includes - ``all_tenants`` """ However, all_tenants is admin-only by default policy: https://docs.openstack.org/nova/latest/configuration/policy.html os_compute_api:servers:index:get_all_tenants Default rule:admin_api Operations GET /servers List all servers for all projects os_compute_api:servers:detail:get_all_tenants Default rule:admin_api Operations GET /servers/detail The confusion is probably due to this code: https://github.com/openstack/nova/blob/ec51f9311cf5de740bd624065684a0bda93c6f2c/nova/api/openstack/compute/servers.py#L1216 That allows the all_tenants parameter for non-admins at first, but then it's removed from the list later and checked against policy: https://github.com/openstack/nova/blob/ec51f9311cf5de740bd624065684a0bda93c6f2c/nova/api/openstack/compute/servers.py#L277 Note that it's also not listed in the API guide for non-admins: https://developer.openstack.org/api-guide/compute/server_concepts.html #server-query ----------------------------------- Release: 19.1.0.dev329 on 2019-03-26 18:09:01 SHA: ec51f9311cf5de740bd624065684a0bda93c6f2c Source: https://opendev.org/openstack/nova/src/api-ref/source/index.rst URL: https://developer.openstack.org/api-ref/compute/ To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1828042/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
