Description of problem: --host filter is only available for admin only: https://docs.openstack.org/ocata/cli-reference/nova.html --> nova list --> --host <hostname> Search servers by hostname to which they are assigned (Admin only). This is filter is only available for admin. Version-Release number of selected component (if applicable): How reproducible: Every time Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Non-admin user should be able to filter specific host(s) and not just admin. Customer operations team requires the ability to know what servers are being impacted by things like a nova host-evacuate or nova host-evacuate-live Additional info:
Everything related to compute hosts is admin only, as these are cloud internals. We wouldn't consider changing this.
Adding a public comment here, for anyone who might happen upon this BZ in searches: It should already possible for non-admin users to 'nova list --host <hostname>' command, if policy.json is configured appropriately. In this example, the user is a member of a role: MyRole and the nova policy.json contains at least these lines: "os_compute_api:servers:detail:get_all_tenants": "rule:admin_api or role:MyRole" "os_compute_api:servers:allow_all_filters": "rule:admin_api or role:MyRole" Then the command can be run, like this: 'nova list --host <hostname> --all-tenants' The '--all-tenants' option is needed in order to list servers in a different project than the 'nova list' caller's project.
The fix has already merged upstream and will be included in OSP15 at some point via rebase. We believe we should be able to backport this to OSP13, but we would not backport to OSP10 at this stage in its lifecycle.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2019:2811