Extract "create", "update", and "delete" /baymodels operations into extension
With the increased usage of Magnum, questions have started to be raised about the scope of Magnum's API. One of the areas that has seen a lot of debate is Bay Models: many people think offering every user the ability to create, update and delete bay models is an unnecessary and potentially dangerous component of the API.
Although Bay Models should certainly exist as an API resource and serve as the parent resource of bays, it is not satisfactory to allow every user to mutate them. For this reason, the following operations should be removed from the core API and placed into an admin extension:
- create bay model
- update bay model
- delete bay model
This solution would still allow operators and administrators to use these operations, but disallow the majority of users from engaging in potentially harmful, destructive operations. This solution has been adopted by other OpenStack services, notably Keystone.
The following operations would remain in the core API:
- list bay models
- get bay model
Blueprint information
- Status:
- Not started
- Approver:
- Adrian Otto
- Priority:
- Undefined
- Drafter:
- Jamie Hannaford
- Direction:
- Approved
- Assignee:
- None
- Definition:
- New
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
This can be addressed using a custom cluster driver.
