How can I restrict visibility of instances in a project?
Hi Everyone,
I am attempting to restrict users from seeing other users' instances within a project. I attempted the following modification of nova/policy.json:
"admin_or_owner": "role:admin or is_admin:True or user_id:%(user_id)s",
...
"compute:get_all": "rule:admin_or_owner",
I know the policy is being applied, because if I make it only "role:admin or is_admin:True", then it allows only admins to view the instance list.
Even though instances are associated with a user, is it possible the list of instances itself has ownership which is being checked (and that ownership is everyone in the project)?
Any suggestions or insight into this would be greatly appreciated!
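
Added example (not part of the original post, and not nova or oslo.policy code): a minimal model of how the "or" rule quoted above is evaluated, showing that the outcome of user_id:%(user_id)s depends entirely on which target the check is given. The names enforce, check, list_target and the sample users are hypothetical, and the assumption that a list call is checked against a target built from the caller's own context is not confirmed by the post.

```python
# Minimal model of "or"-only policy rule evaluation.
# Supports only the check kinds used in the post; not oslo.policy itself.

RULE = "role:admin or is_admin:True or user_id:%(user_id)s"


def check(kind, match, target, creds):
    """Evaluate one 'kind:match' check against the caller's credentials."""
    try:
        match = match % target  # %(user_id)s is filled in from the target
    except KeyError:
        return False  # target lacks the field, so the check fails
    if kind == "role":
        return match.lower() in [r.lower() for r in creds.get("roles", [])]
    # Generic check: compare the credential field, as a string, to the match
    return kind in creds and str(creds[kind]) == match


def enforce(rule, target, creds):
    """True if any 'or'-separated check in the rule passes."""
    return any(
        check(*part.strip().split(":", 1), target, creds)
        for part in rule.split(" or ")
    )


# Constructed credentials: two non-admin users in the same project.
ALICE = {"user_id": "alice", "project_id": "p1", "roles": ["member"], "is_admin": False}
BOB = {"user_id": "bob", "project_id": "p1", "roles": ["member"], "is_admin": False}

# Constructed instance record owned by alice.
ALICE_INSTANCE = {"project_id": "p1", "user_id": "alice"}


def list_target(creds):
    """Assumed target for a list call: the caller's own context, no instance."""
    return {"project_id": creds["project_id"], "user_id": creds["user_id"]}


if __name__ == "__main__":
    # The caller is compared with itself, so any user passes the list check.
    print("bob, list target:", enforce(RULE, list_target(BOB), BOB))
    # With an instance as the target, the same rule rejects a non-owner.
    print("bob, alice's instance:", enforce(RULE, ALICE_INSTANCE, BOB))
    print("alice, own instance:", enforce(RULE, ALICE_INSTANCE, ALICE))
```

Under that assumption the rule gates the list call as a whole and never compares the caller with each instance's owner, so per-user visibility would need filtering of the returned list rather than a policy change alone.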