See T247206 and T247573. It seems one can theoretically confirm an instance resizing in Nova, yet Horizon has a different policy that disallows it:
modules/openstack/files/queens/horizon/nova_policy.json: "compute:confirm_resize": "!", modules/openstack/files/queens/nova/common/policy.json: "compute:confirm_resize": "rule:admin_or_projectadmin",
Any such distinction would presumably be a problem for opening up the API directly for use.
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | Andrew | T247575 Investigate any discrepancies between Horizon permissions and real permissions | |||
| Stalled | None | T247795 Update OpenStack policy files |
Change 582594 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Horizon: split $version into $horizon_version and $openstack_version
Change 582846 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Horizon: unify horizon glance policy with actual glance policy.yaml
Change 582847 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Horizon: integrate Horizon policy with actual designate policy.yaml
Change 582848 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Horizon: integrate neutron policy with the actual Neutron policy.yaml
Change 582594 merged by Andrew Bogott:
[operations/puppet@production] Horizon: split $version into $horizon_version and $openstack_version
Change 582875 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Horizon: fix path to nova policy.yaml
Change 582875 merged by Andrew Bogott:
[operations/puppet@production] Horizon: fix path to nova policy.yaml
Change 582899 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Keystone policy: merge keystone policy with horizon identity policy.yaml
Change 582846 merged by Andrew Bogott:
[operations/puppet@production] Horizon: unify horizon glance policy with actual glance policy.yaml
Change 582847 merged by Andrew Bogott:
[operations/puppet@production] Horizon: integrate Horizon policy with actual designate policy.yaml
Change 582848 merged by Andrew Bogott:
[operations/puppet@production] Horizon: integrate neutron policy with the actual Neutron policy.yaml
Change 582899 merged by Andrew Bogott:
[operations/puppet@production] Keystone policy: merge keystone policy with horizon identity policy.yaml
Change 583153 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Keystone policy: duplicate Queens policy.yaml
Change 583153 merged by Andrew Bogott:
[operations/puppet@production] Keystone policy: duplicate Queens policy.yaml
Change 583157 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] nova policy: add sudorule policy rules for Horizon
Change 583157 merged by Andrew Bogott:
[operations/puppet@production] nova policy: add sudorule policy rules for Horizon