What is the best approach for setting up an OpenStack user that is limited to only rebooting servers using the Web API?
- The user needs to be able to access servers under different tenants, by using the instance id for look-up.
- The user should be limited to rebooting servers.
From my understanding, this needs to be done using the https://github.com/openstack/nova/blob/master/etc/nova/policy.json (policy.json) file, but I do not know what the best approach would be. I also have to keep in mind future needs, like what if we need to create a new user with similar permissions, or modify the existing one to be able to start and stop servers.
The most important aspect of this is to keep it clean, so that it can easily be applied using tools like http://puppetlabs.com/puppet/puppet-open-source (puppet) or http://www.getchef.com/chef/ (chef).