Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Non-admin users creating private flavors

Hello,

I am currently developing a feature to non-admin users can create and modify flavors. I made it possible with some changes:

  1. add in openstack_dashboad/dashboards/project the flavor folder from admin dashboard
  2. change all the admin setup for project
  3. add in the dashboard.py the 'flavors'
  4. changed in keystone.py,line 254, the manager = VERSIONS.get_project_manager(request, admin=True) to: manager = VERSIONS.get_project_manager(request, admin=False)
  5. Changed the nova_policy.json: http://paste.openstack.org/show/86623/ including this line 115:

.

 "compute_extension:flavor_access:addTenantAccess": "rule:admin_api",

to:

"compute_extension:flavor_access:addTenantAccess": "",

and the non-admin user can create and modify the flavor but can't add tenants to the flavor. When I try to do this the flavor becomes private but no tenants were added.

Request and response:

REQ: curl -i 'http://192.168.0.11:8774/v2/4ee6760e38734fdbae2d9dec8fab0bee/flavors/d7c4ea68-6e67-4278-885e-f92bdca45fa1/action' -X POST -H "X-Auth-Project-Id: 4ee6760e38734fdbae2d9dec8fab0bee" -H "User-Agent: python-novaclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: 05f2dd65004193c8782158bcef18f1a5" -d '{"addTenantAccess": {"tenant": "4ee6760e38734fdbae2d9dec8fab0bee"}}'

New session created for: (http://192.168.0.11:8774) RESP: [403] {'date': 'Tue, 15 Jul 2014 21:09:58 GMT', 'content-length': '78', 'content-type': 'application/json; charset=UTF-8', 'x-compute-request-id': 'req-e8680aa7-87af-4e0d-8fe2-bef0acc1b311'} RESP BODY: {"forbidden": {"message": "User does not have admin privileges", "code": 403}}

I tried to change the line 163 in /nova/api/openstack/compute/contrib/flavor_access.py:

authorize(context, action="addTenantAccess")

to:

#authorize(context, action="addTenantAccess")

but still showing the same error.

So there is an hard coded validation to admin users in nova or novaclient?

Thank you!