openstack
/
nova
Code Issues Proposed changes
nova/nova/policies
History
Ghanshyam Mann 909b0b0247 Keep legacy admin behaviour in new RBAC 
While discussing the new RBAC (scope_type and project admin vs
system admin things) with operators in berlin ops meetup and
via emails, and policy popup meetings, we got the feedback that
we need to keep the legacy admin behaviour same as it is otherwise
it is going to be a big breaking change for many of the operators.
Same feedback for scope_type.

- https://etherpad.opendev.org/p/BER-2022-OPS-SRBAC
- https://etherpad.opendev.org/p/rbac-operator-feedback

By considering the feedback, we decided to postpone the
system scope implementation, release project reader
role and not to change the legacy admin behaviour.

To keep the legacy admin behaviour unchanged, we need to
modify our policy new default so that legacy admin continue
to have the access to the APIs they are able to access in
old RBAC. Basically the below changes:

- PROJECT_ADMIN -> ADMIN (legacy admin who can do things in all projects)
- PROJECT_MEMBER -> PROJECT_MEMBER_OR_ADMIN (give access to legacy admin too)
- PROJECT_READER -> PROJECT_READER_OR_ADMIN (give access to legacy admin too)

Complete direction on RBAC is updated in community wide goal
- https://review.opendev.org/c/openstack/governance/+/847418/13

Change-Id: I37e706f75a36fb27da1bdd5fba671cb1bcadc745
 		2022-08-24 16:33:27 +00:00
..
__init__.py api: Remove 'os-agents' API 2020-09-11 14:10:32 +01:00
admin_actions.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
admin_password.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
aggregates.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
assisted_volume_snapshots.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
attach_interfaces.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
availability_zone.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
baremetal_nodes.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
base.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
console_auth_tokens.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
console_output.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
create_backup.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
deferred_delete.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
evacuate.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
extended_server_attributes.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
extensions.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
flavor_access.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
flavor_extra_specs.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
flavor_manage.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
floating_ip_pools.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
floating_ips.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
hosts.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
hypervisors.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
instance_actions.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
instance_usage_audit_log.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
ips.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
keypairs.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
limits.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
lock_server.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
migrate_server.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
migrations.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
multinic.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
networks.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
pause_server.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
quota_class_sets.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
quota_sets.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
remote_consoles.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
rescue.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
security_groups.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
server_diagnostics.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
server_external_events.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
server_groups.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
server_metadata.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
server_password.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
server_tags.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
server_topology.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
servers.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
servers_migrations.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
services.py Remove system scope from all APIs 2022-08-24 13:12:16 +00:00
shelve.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
simple_tenant_usage.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
suspend_server.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
tenant_networks.py Make more project level APIs scoped to project only 2022-02-19 18:19:34 -06:00
volumes.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00
volumes_attachments.py Keep legacy admin behaviour in new RBAC 2022-08-24 16:33:27 +00:00