Sever boot on specific hypervisor with new RBAC
With new RBAC defaults, hypervisor info can be seen only by system scoped user and server can be booted by project scoped user. So use case of server boot on specific hypervisor is broken where system scoped user having hypervisor info cannot boot server and project scoped user cannot get hypervisor info.
To solve this case, this spec propose:
- Allow Project admin to list the allowed hypervisors info (not detailed but UUID etc) for that project so that they can create a server to specify the host in POST /servers API.
- Allow server boot request to start accepting the hypervisor uuid.
Blueprint information
- Status:
- Complete
- Approver:
- sean mooney
- Priority:
- Undefined
- Drafter:
- Ghanshyam Mann
- Direction:
- Approved
- Assignee:
- Ghanshyam Mann
- Definition:
- Obsolete
- Series goal:
- Accepted for zed
- Implementation:
-
Deferred
- Milestone target:
- None
- Started by
- Completed by
- sean mooney
Related branches
Related bugs
Sprints
Whiteboard
[20211213 bauzas] Spec got approved.
https:/
[20220225 bauzas] Implementation hit by FeatureFreeze, please repropose the blueprint/spec for the Zed release.
Implementation patches : https:/
[20220517 bauzas] Spec was reapproved for the Zed release https:/
[20220831 gmann] As per the new direction in RBAC in zed cycle, we have dropped the system scope from Nova APIs policy and all policy are scoped to project. So project user (with admin roe) can list hypervisor and request to boot server on specific host.
With that we do not need to do any change proposed to this blueprint.
