Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1658769

Summary: [OSP 15][RFE] non-admin user should be able to run nova list --host <host> command
Product: Red Hat OpenStack Reporter: Angela Soni <asoni>
Component: openstack-novaAssignee: melanie witt <mwitt>
Status: CLOSED ERRATA QA Contact: OSP DFG:Compute <osp-dfg-compute>
Severity: medium Docs Contact:
Priority: medium    
Version: 10.0 (Newton)CC: amodi, asoni, dasmith, djuran, egallen, jhakimra, kchamart, lyarwood, mbooth, mwitt, sbauza, sgordon, vromanso
Target Milestone: Upstream M3Keywords: FutureFeature, Reopened, TechPreview, Triaged, ZStream
Target Release: 15.0 (Stein)   
Hardware: Unspecified   
OS: All   
Whiteboard:
Fixed In Version: openstack-nova-19.0.0-0.20190322080331.c993d4f.el8ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1719984 1733386 (view as bug list) Environment:
Last Closed: 2019-09-21 11:19:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1719984, 1733386    

Description Angela Soni 2018-12-12 20:19:03 UTC 
Description of problem:
--host filter is only available for admin only:

https://docs.openstack.org/ocata/cli-reference/nova.html --> nova list --> --host <hostname>
Search servers by hostname to which they are assigned (Admin only).

This is filter is only available for admin.

Version-Release number of selected component (if applicable):


How reproducible:

Every time

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:
Non-admin user should be able to filter specific host(s) and not just admin. Customer operations team requires the ability to know what servers are being impacted by things like a nova host-evacuate or nova host-evacuate-live

Additional info:
Comment 2 Matthew Booth 2018-12-13 15:53:00 UTC 
Everything related to compute hosts is admin only, as these are cloud internals. We wouldn't consider changing this.
Comment 6 melanie witt 2019-01-24 18:03:47 UTC 
Adding a public comment here, for anyone who might happen upon this BZ in searches:

It should already possible for non-admin users to 'nova list --host <hostname>' command, if policy.json is configured appropriately.

In this example, the user is a member of a role: MyRole and the nova policy.json contains at least these lines:

  "os_compute_api:servers:detail:get_all_tenants": "rule:admin_api or role:MyRole"
  "os_compute_api:servers:allow_all_filters": "rule:admin_api or role:MyRole"

Then the command can be run, like this: 'nova list --host <hostname> --all-tenants'

The '--all-tenants' option is needed in order to list servers in a different project than the 'nova list' caller's project.
Comment 10 Matthew Booth 2019-02-22 15:37:15 UTC 
The fix has already merged upstream and will be included in OSP15 at some point via rebase. We believe we should be able to backport this to OSP13, but we would not backport to OSP10 at this stage in its lifecycle.
Comment 17 errata-xmlrpc 2019-09-21 11:19:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:2811