Ask Your Question
2

how to restrict tenants from uploading images in horizon ?

asked 2014-11-05 01:50:39 -0500

Aravinda gravatar image

We are using Juno version of Openstack and wanted to see if there is an option in restricting tenants from uploading the images in horizon. We dont want other uses to upload the image and mess up our environment. Any help would be appreciated !

thanks, Aravinda

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
3

answered 2014-11-05 02:29:36 -0500

rajiv-kumar gravatar image

updated 2014-11-05 02:38:49 -0500

Every service has policy.json which defines policies for accessing API. If you don't want others to upload the images than you can allow only admin to upload images by modifying the /etc/glance/policy.json file such that users having admin role only they can use add_image api. So this way you can restrict users other than admin to upload images.

Usually at the beginning of the file they define an entry that corresponds to admin role. In OpenStack documentation(http://docs.openstack.org/trunk/config-reference/content/section_glance-policy.json.html), it is "context_is_admin" therefor you can replace the entry having add_image API with "add_image": "rule:context_is_admin".

edit flag offensive delete link more

Comments

Thanks for the details Rajiv. I did change this in jason but unfortunately its not working. Is there any service that need to be restarted ? here is the excerpt of the jason file "context_is_admin": "role:admin", "default": "", "add_image": "role:admin", "delete_image": "role:admin"

Aravinda gravatar imageAravinda ( 2014-11-05 02:42:30 -0500 )edit

can you please share your complete /etc/glance/policy.json file.

rajiv-kumar gravatar imagerajiv-kumar ( 2014-11-05 04:04:39 -0500 )edit

{ "context_is_admin": "role:admin", "default": "",

"add_image": "role:admin",
"delete_image": "role:admin",
"get_image": "",
"get_images": "",
"modify_image": "role:admin",
"publicize_image": "role:admin",
"copy_from": "",

"download_image": "role:admin",

}

Aravinda gravatar imageAravinda ( 2014-11-05 06:26:07 -0500 )edit

Attached above. let me know if you need any other info.

thanks, Aravinda

Aravinda gravatar imageAravinda ( 2014-11-05 06:26:35 -0500 )edit

Let's assume you made this change so only admins could upload images. Would this affect non-admin users' ability to take snapshots?

rivimont gravatar imagerivimont ( 2016-01-21 17:11:15 -0500 )edit
0

answered 2014-12-22 06:53:06 -0500

Aravinda gravatar image

Rajiv's suggestions worked but we have restart apache service after editing the policy.json file.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-11-05 01:50:39 -0500

Seen: 1,200 times

Last updated: Dec 22 '14