Ability to specify a host restricted to admin.

Fixes bug 1070880 There is functionality in place, which uses the format "az:host" on the --availability_zone parameter to a create request to force scheduling of an instance onto a specific host. However, this is limited to users with Admin context. This fix alters this behaviour to use a specific policy action allowing fine-grained control over which users have access to this functionality. Change-Id: Ibb0e43492dfa2699ab26318736ca55a60b7b4468
author: David McNally <dave.mcnally@hp.com> 2012-10-24 16:39:29 +0100
committer: David McNally <dave.mcnally@hp.com> 2012-11-01 09:33:05 +0000
commit: f17ebebcf76bafb8250e84227dd244f520904072 (patch)
tree: d701d6447a95fdb77b7fa890ecbd5f83ee88d4c0 /nova/compute
parent: 7db75002668dfc9d91914feaea67f49f947099b9 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/nova/compute/api.py b/nova/compute/api.py
index 601b75e86..a6ae08ec8 100644
--- a/nova/compute/api.py
+++ b/nova/compute/api.py
@@ -499,7 +499,8 @@ class API(base.Base):
             LOG.debug(_("Going to run %s instances...") % num_instances)
 
             filter_properties = dict(scheduler_hints=scheduler_hints)
-            if context.is_admin and forced_host:
+            if forced_host:
+                check_policy(context, 'create:forced_host', {})
                 filter_properties['force_hosts'] = [forced_host]
 
             for i in xrange(num_instances):
author	David McNally <dave.mcnally@hp.com>	2012-10-24 16:39:29 +0100
committer	David McNally <dave.mcnally@hp.com>	2012-11-01 09:33:05 +0000
commit	f17ebebcf76bafb8250e84227dd244f520904072 (patch)
tree	d701d6447a95fdb77b7fa890ecbd5f83ee88d4c0 /nova/compute
parent	7db75002668dfc9d91914feaea67f49f947099b9 (diff)