Policy doesn't allow os_compute_api:os-flavor-manage:create to be performed

asked 2019-06-18 05:04:46 -0500

niket

Hi,

I need to create a flavor using a different user (not admin). I updated the policy in the /etc/nova/policy.json file in the nova_compute container in Kolla OpenStack. I am still unable to create a flavor. Could you please guide me on this?

Please find the policy.json file below:

{
    "context_is_admin": "role:admin",
    "owner": "tenant_id:%(tenant_id)s",
    "admin_or_owner": "rule:context_is_admin or rule:owner",
    "regular_user": "role:member",
    "default": "rule:admin_or_owner",

    "os_compute_api:os-flavor-manage": "rule:admin_api or rule:admin_or_owner or rule:regular_user",
    "os_compute_api:os-flavor-manage:create": "rule:os_compute_api:os-flavor-manage rule:admin_or_owner or rule:regular_user",
    "os_compute_api:os-flavor-manage:delete": "rule:os_compute_api:os-flavor-manage rule:admin_or_owner or rule:regular_user"
}

Note: the current user is assigned the member role.


Comments

This part of the policy looks incorrect:

rule:os_compute_api:os-flavor-manage rule:admin_or_owner

There is no Boolean operator between the two rule operands.

Bernd Bausch ( 2019-06-18 11:13:02 -0500 )

Thanks for your response, Bernd Bausch. I added the Boolean operator, but it still isn't working.

niket ( 2019-07-03 05:05:38 -0500 )
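
Added example, not part of the original thread and not oslo.policy's own parser: a small linter that finds the defect the first comment points out (two checks with no Boolean operator between them) across a whole policy.json before it is deployed. It assumes a simplified rule grammar (whitespace-separated checks joined by and/or, optional not, parentheses); the function names are hypothetical.

```python
import json

OPERATORS = {"and", "or"}

def tokenize(rule):
    """Split on whitespace; peel '(' and ')' off word ends only."""
    for word in rule.split():
        body = word.lstrip("(")
        yield from "(" * (len(word) - len(body))
        core = body.rstrip(")")  # tenant_id:%(tenant_id)s ends in 's', stays whole
        if core:
            yield core
        yield from ")" * (len(body) - len(core))

def lint_rule(rule):
    """Return the syntax problems found in one rule expression."""
    problems, depth, prev = [], 0, None
    expect_operand = True  # a check, 'not' or '(' must come next
    for tok in tokenize(rule):
        low = tok.lower()
        if tok == ")" and depth == 0:
            problems.append("')' without a matching '('")
        elif low in OPERATORS or tok == ")":
            if expect_operand:
                problems.append(f"'{tok}' where a check was expected")
            depth -= tok == ")"
            expect_operand = low in OPERATORS
        else:  # a check, 'not' or '('
            if not expect_operand:
                problems.append(f"no and/or between '{prev}' and '{tok}'")
            depth += tok == "("
            expect_operand = tok == "(" or low == "not"
        prev = tok
    if prev is not None and expect_operand:
        problems.append("rule ends where a check was expected")
    if depth:
        problems.append("'(' without a matching ')'")
    return problems

def lint_policy(text):
    """Map each rule name in a policy.json document to its problems."""
    found = {name: lint_rule(rule) for name, rule in json.loads(text).items()}
    return {name: p for name, p in found.items() if p}

# Rules copied from the policy.json in the question above.
PAGE_POLICY = """{
  "owner": "tenant_id:%(tenant_id)s",
  "os_compute_api:os-flavor-manage": "rule:admin_api or rule:admin_or_owner or rule:regular_user",
  "os_compute_api:os-flavor-manage:create": "rule:os_compute_api:os-flavor-manage rule:admin_or_owner or rule:regular_user"
}"""
```

Calling lint_policy(PAGE_POLICY) reports only the create rule, naming the two adjacent checks.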