f9c6089244
Currently, the os_compute_api:servers:show:host_status controls whether a user can view the host status of a server including UP, DOWN, MAINTENANCE, and UNKNOWN. When communication with nova-compute is experiencing problems, users can get a hint about it from the server host status, if enabled by policy. However, not all operators may want to expose all possible host statuses to end users and instead would prefer to expose only the UNKNOWN host status. This adds a new policy rule: os_compute_api:servers:show:host_status:unknown-only which controls whether a user can view the host status of UNKNOWN only. This way, operators can allow users to get a hint about what to expect when using their server without exposing too much information about the underlying cloud details. Implements blueprint policy-rule-for-host-status-unknown Change-Id: I55bf78e63f68f8167249edc3327b024d9ecb0af2
18 lines
765 B
YAML
18 lines
765 B
YAML
---
|
|
features:
|
|
- |
|
|
A new policy rule ``os_compute_api:servers:show:host_status:unknown-only``
|
|
has been added to control whether a user can view a server host status of
|
|
``UNKNOWN`` in the following APIs:
|
|
|
|
* ``GET /servers/{server_id}`` if using API microversion >= 2.16
|
|
* ``GET /servers/detail`` if using API microversion >= 2.16
|
|
* ``PUT /servers/{server_id}`` if using API microversion >= 2.75
|
|
* ``POST /servers/{server_id}/action`` (rebuild) if using API microversion
|
|
>= 2.75
|
|
|
|
This is different than the ``os_compute_api:servers:show:host_status``
|
|
policy rule which controls whether a user can view all possible host
|
|
status in the aforementioned APIs including ``UP``, ``DOWN``,
|
|
``MAINTENANCE``, and ``UNKNOWN``.
|