OpenStack Compute (nova)

why we need "admin_api": [["is_admin:True"]] in policy.json ?

Asked by li,chen on 2013-01-31

I'm really confused about context in file policy.json.

Why we have to define some actions with "role:admin", some with "rule:admin_api" and, some with "is_admin:True"?

Also, we can get "admin_api": [["is_admin:True"]] in /etc/nova/policy.json,
But, "admin_api": "role:admin" in nova/tests/fake_policy.py
And, according to my understanding, role:admin and is_admin:True will always keep same in context.

Anyone can give me a brief introduction?

Thanks.
-chen

Question information

Language:: English Edit question

Status:: Answered

For:: OpenStack Compute (nova) Edit question

Assignee:: No assignee Edit question

Last query:: 2013-01-31

Last reply:: 2013-02-09

Link existing bug

Revision history for this message

Jason (zzs) said on 2013-02-09:

I remember I saw someone mentioned before, it looks like there are legacy projects assumed the role name is "admin".

Can you help with this problem?

Provide an answer of your own, or ask li,chen for more information if necessary.

To post a message you must log in.

Ask a question

Edit question

OpenStack Compute (nova)

why we need "admin_api": [["is_admin:True"]] in policy.json ?

Question information

Related bugs

Related FAQ:

Can you help with this problem?

Subscribers