From f17ebebcf76bafb8250e84227dd244f520904072 Mon Sep 17 00:00:00 2001
From: David McNally <dave.mcnally@hp.com>
Date: Wed, 24 Oct 2012 16:39:29 +0100
Subject: Ability to specify a host restricted to admin.

Fixes bug 1070880

There is functionality in place, which uses the
format "az:host" on the --availability_zone
parameter to a create request to force scheduling
of an instance onto a specific host. However,
this is limited to users with Admin context.

This fix alters this behaviour to use a specific
policy action allowing fine-grained control over
which users have access to this functionality.

Change-Id: Ibb0e43492dfa2699ab26318736ca55a60b7b4468
---
 etc/nova/policy.json | 1 +
 1 file changed, 1 insertion(+)

(limited to 'etc')

diff --git a/etc/nova/policy.json b/etc/nova/policy.json
index f77f733c6..bd015802a 100644
--- a/etc/nova/policy.json
+++ b/etc/nova/policy.json
@@ -7,6 +7,7 @@
     "compute:create": "",
     "compute:create:attach_network": "",
     "compute:create:attach_volume": "",
+    "compute:create:forced_host": "is_admin:True",
     "compute:get_all": "",
 
 
-- 
cgit