Description of problem: All created metrics are under the ceilometer user and services project and listing them with a user expecting to get a list of own metrics will always return an empty array [] unless ran under an admin account. This is due to the way metrics are created and how they are fetched in /usr/lib/python2.7/site-packages/gnocchi/rest/__init__.py since the user metrics are filtered with created_by_user_id and created_by_project_id which will never be the user own project/user id. I also think that due to this, a given user would not receive all the metrics created within a project due to the use of the following condition: if user_id is not None: attr_filter['created_by_user_id'] = user_id in the following code block: def get_all(**kwargs): try: enforce("list all metric", {}) except webob.exc.HTTPForbidden: enforce("list metric", {}) user_id, project_id = get_user_and_project() provided_user_id = kwargs.get('user_id') provided_project_id = kwargs.get('project_id') if ((provided_user_id and user_id != provided_user_id) or (provided_project_id and project_id != provided_project_id)): abort( 403, "Insufficient privileges to filter by user/project") else: user_id = kwargs.get('user_id') project_id = kwargs.get('project_id') attr_filter = {} if user_id is not None: attr_filter['created_by_user_id'] = user_id if project_id is not None: attr_filter['created_by_project_id'] = project_id attr_filter.update(get_pagination_options( kwargs, METRIC_DEFAULT_PAGINATION)) try: return pecan.request.indexer.list_metrics(**attr_filter) except indexer.IndexerException as e: abort(400, e) Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
One of the current work around would be to use "gnocchi resource list" then, "gnocchi resource show UUID" of one of the instance. In the following output, there's a "metrics" blob containing all the related metrics to that instance, you can then use "gnocchi metric show UUID" or "gnocchi measures show UUID" in order to get the parameters of that metric or the measures values.
This should be considered as a RFE. It might not be so easy to improve as oslo.policy can be quite limited for such ACL management.
From a customer point of view , this would be a bug but I don't mind changing it for RFE if it's the only way to get it improved from our side of the table.
*** Bug 1504056 has been marked as a duplicate of this bug. ***
The patch has been merged upstream and it will be part of OSP13
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:2086
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days