Reputation: 13
Openstack can admin impersonate as another user to create a VM
I need to implement VM creation workflow such that admin creates VM for a user after verifying his request.
Currently, if admin creates the VM, it is marked as owner of this instance.
- Can we either change or add another owner to the instance?
- Can admin impersonate as another user to create a VM?
Upvotes: 0
Views: 1096
Answers (1)
Reputation: 312410
An admin cannot impersonate another user. However, in practice this is not the problem you might think, because access to resources in OpenStack is controlled by projects (basically, groups) rather than by individual users.
You can add the admin user to other tenants, and then set OS_PROJECT_NAME (and/or OS_PROJECT_ID) in your environment to the appropriate project when creating resources (such as servers, networks, etc).
When you create a resource as a particular project, any member of that project will have access to that resource.
Note that in earlier versions of OpenStack, projects were referred to as tenants and the correponding variables where OS_TENANT_NAME and OS_TENANT_ID.
Upvotes: 1
Related Questions
- Why is openstack Keystone not listening on port 5000
- OpenStack Install - Not create openstack project
- Create a frontend website for Horizon OpenStack
- Ldap connection with Openstack could not find user : admin
- Keyrock doesn't accept user, even when using admin
- How to enable OS-KSADM Admin Extension in openstack?
- Openstack create a super user like admin
- OpenStack keystoneclient get user by name