Improve Ironic Horizon out of the box experience #1808
Conversation
Policy override was causing lots of error messages in the Ironic view of Horizon. I've asked upstream if we can get this enabled by default: https://bugs.launchpad.net/horizon/+bug/2102214 But are yet to see any traction.
| # Intended scope(s): system, project | ||
| # Overridden: added role:admin | ||
| "baremetal:node:list_all": "role:admin or (role:reader and system_scope:all) or (role:service and system_scope:all) or rule:service_role" | ||
| "baremetal:node:list_all": "role:baremetal_node_list_all or (role:reader and system_scope:all) or (role:service and system_scope:all) or rule:service_role" |
There was a problem hiding this comment.
does it mean that regular admin users now won't be able to list all baremetals from cli? - I think that was idea behind this policy override. also baremetal_node_list_all don't exist by default?
There was a problem hiding this comment.
baremetal_node_list_all don't exist by default?
Correct, you'd have to create that.
does it mean that regular admin users now won't be able to list all baremetals from cli?
Correct, unless they own all nodes (via setting the owner property on baremetal nodes). You can add the new role if you need that behaviour (but it will break your horizon).
There was a problem hiding this comment.
Will this break Horizon, even with SYSTEM_SCOPE_SERVICES = ['ironic'] set?
There was a problem hiding this comment.
Yes, as I think system scope appears in the project drop down. So if you have a project selected (rather than system scope) and you navigate to the baremetal provisioning section, you will get a bunch of errors. You would be able to select system scope and browse to the same page though.
Policy override was causing lots of error messages in the Ironic view of Horizon.
I've asked upstream if we can get this enabled by default:
https://bugs.launchpad.net/horizon/+bug/2102214
But are yet to see any traction.