Bug 1342601
Summary: | Major change in functionality between Nova API v2.0 and v2.1 | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Irina Petrova <ipetrova> |
Component: | openstack-nova | Assignee: | Sylvain Bauza <sbauza> |
Status: | CLOSED WONTFIX | QA Contact: | Prasanth Anbalagan <panbalag> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.0 (Liberty) | CC: | berrange, dasmith, eglynn, ipetrova, kchamart, pablo.iranzo, rhos-docs, sbauza, sferdjao, sgordon, srevivo, vromanso |
Target Milestone: | --- | Keywords: | ZStream |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | 1342596 | Environment: | |
Last Closed: | 2016-06-14 12:20:17 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1342596 | ||
Bug Blocks: |
Comment 7
Irina Petrova
2016-06-14 11:20:14 UTC
So, the upstream consensus is that the policy modification using user_id was not something Nova was supporting because it was not verified (even not known, only by operators). When the API version was bumped to v2.1, we then haven't checked if the non-supported features were yet fine. That's not something we can call it a regression if the non-supported feature was no longer working, as also it's not a API modification but rather only a fluke of the policy engine. That said, the Nova upstream community understands it can be a feature for operators (at least for deleting instances only) and that's why the consensus was also to create a new blueprint (and a spec) for now supporting it in Newton (for v2.1 only since v2.0 is only stable/supported). https://review.openstack.org/#/c/324068/ Given the above is not yet something merged upstream (even not yet accepted), I think we should WONTFIX the behaviour here for OSP8 (Liberty) and rather change the documentation to explicitly remove any comment about modifying the policy file for that, and rather tell to users that they can use the lock operation for making sure other users (from the same project) can't delete their own instances. (In reply to Sylvain Bauza from comment #8) Awesome, thanks for the link, Sylvain. |