6bfeee5baf
The default policy for server_list API in nova has changed. This exposed a problem in the way Horizon was calling server_list when reading quota values. The call was always made with all_tenants=True, which is only something admin should be able to do. Instead of ignoring the privilege problem in the API as in the past, there is a pre-emptive policy check that makes the call fail.

The fix in Horizon is to only pass in all_tenants=True when the user has the appropriate privilege level. nova_policy.json has been updated with the appropriate default and the permission check has been added.

Removing passing in all_tenants=True at all was contemplated, but when setting quota values on projects in the identity dashboard, the administrator level user needs to read quota values from a project that they are not currently scoped to.

This fixes the error on the network topology screen that was the motivation for the original bug report.

Closes-Bug: #1468551
Change-Id: I4255c57f81a13cac121596c99eea4ac629ed9ca7

- ceilometer_policy.json
- cinder_policy.json
- glance_policy.json
- heat_policy.json
- keystone_policy.json
- neutron_policy.json
- nova_policy.json