Detections
Analytics

TNS OpenStack Nova/Compute Security Guide

Audit Details

Name: TNS OpenStack Nova/Compute Security Guide

Updated: 12/22/2023

Authority: TNS

Plugin: Unix

Revision: 1.23

Estimated Item Count: 159

File Details

Filename: TNS_OpenStack_Compute_Security_Guide.audit

Size: 219 kB

MD5: 92d6713b9383c42f6f899b317910025b
SHA256: 6bfd0664a2e4f7ae8eaab24dcece47a826e6b8d5dd7fc9a85deef95b260437aa

Audit Changelog

 
Revision 1.23

Dec 22, 2023

Miscellaneous
  • Metadata updated.
Revision 1.22

May 31, 2023

Informational Update
  • 1. OpenStack Compute - Policy.json - 'os_compute_api:os-cells:delete'
  • 10. OpenStack Compute - Policy.json - 'os_compute_api:os-console-auth-tokens'
  • 100. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:migrate'
  • 101. OpenStack Compute - Policy.json - 'compute:create:forced_host'
  • 102. OpenStack Compute - Policy.json - 'os_compute_api:os-baremetal-nodes'
  • 103. OpenStack Compute - Policy.json - 'os_compute_api:os-simple-tenant-usage:show'
  • 104. OpenStack Compute - Policy.json - 'compute_extension:evacuate'
  • 105. OpenStack Compute - Policy.json - 'os_compute_api:os-flavor-extra-specs:delete'
  • 106. OpenStack Compute - Policy.json - 'os_compute_api:os-flavor-extra-specs:create'
  • 107. OpenStack Compute - Policy.json - 'os_compute_api:os-networks-associate'
  • 108. OpenStack Compute - Policy.json - 'admin_or_owner'
  • 109. OpenStack Compute - Policy.json - 'compute_extension:security_group_default_rules'
  • 11. OpenStack Compute - Policy.json - 'os_compute_api:os-lock-server:unlock'
  • 110. OpenStack Compute - Policy.json - 'os_compute_api:os-aggregates:show'
  • 111. OpenStack Compute - Policy.json - 'os_compute_api:os-aggregates:add_host'
  • 112. OpenStack Compute - Policy.json - 'os_compute_api:server-metadata:update'
  • 113. OpenStack Compute - Policy.json - 'os_compute_api:os-quota-sets:update'
  • 114. OpenStack Compute - Policy.json - 'os_compute_api:os-evacuate'
  • 115. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:resetNetwork'
  • 116. OpenStack Compute - Policy.json - 'os_compute_api:os-aggregates:create'
  • 117. OpenStack Compute - Policy.json - 'compute_extension:floating_ips_bulk'
  • 118. OpenStack Compute - Policy.json - 'os_compute_api:os-flavor-access:add_tenant_access'
  • 119. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:unpause'
  • 12. OpenStack Compute - Policy.json - 'os_compute_api:os-admin-actions:reset_state'
  • 120. OpenStack Compute - Policy.json - 'compute_extension:server_diagnostics'
  • 121. OpenStack Compute - Policy.json - 'network:attach_external_network'
  • 122. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:resume'
  • 123. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:pause'
  • 124. OpenStack Compute - Policy.json - 'os_compute_api:os-fixed-ips'
  • 125. OpenStack Compute - Policy.json - 'compute:unlock_override'
  • 126. OpenStack Compute - Policy.json - 'os_compute_api:os-server-diagnostics'
  • 127. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:createBackup'
  • 128. OpenStack Compute - Policy.json - 'compute_extension:flavorextraspecs:create'
  • 129. OpenStack Compute - Policy.json - 'compute_extension:simple_tenant_usage:show'
  • 13. OpenStack Compute - Policy.json - 'compute_extension:quotas:delete'
  • 130. OpenStack Compute - Policy.json - 'compute_extension:os-server-external-events:create'
  • 131. OpenStack Compute - Policy.json - 'compute_extension:quotas:update'
  • 132. OpenStack Compute - Policy.json - 'os_compute_api:os-lock-server:lock'
  • 133. OpenStack Compute - Policy.json - 'os_compute_api:os-flavor-access:remove_tenant_access'
  • 134. OpenStack Compute - Policy.json - 'compute_extension:hide_server_addresses'
  • 135. OpenStack Compute - Policy.json - 'compute_extension:instance_actions:events'
  • 136. OpenStack Compute - Policy.json - 'os_compute_api:os-create-backup'
  • 137. OpenStack Compute - Policy.json - 'compute_extension:flavorextraspecs:delete'
  • 138. OpenStack Compute - Policy.json - 'compute_extension:cells:create'
  • 139. OpenStack Compute - Policy.json - 'os_compute_api:os-cells'
  • 14. OpenStack Compute - Policy.json - 'compute_extension:migrations:index'
  • 140. OpenStack Compute - Policy.json - 'compute_extension:extended_server_attributes'
  • 141. OpenStack Compute - Policy.json - 'os_compute_api:ips:index'
  • 142. OpenStack Compute - Policy.json - 'compute_extension:accounts'
  • 143. OpenStack Compute - Policy.json - 'os_compute_api:os-floating-ips-bulk'
  • 144. OpenStack Compute - Policy.json - 'os_compute_api:os-server-external-events:create'
  • 145. OpenStack Compute - Policy.json - 'os_compute_api:server-metadata:update_all'
  • 146. OpenStack Compute - Policy.json - 'compute:start'
  • 147. OpenStack Compute - Policy.json - 'compute_extension:flavor_access:addTenantAccess'
  • 15. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:suspend'
  • 16. OpenStack Compute - Policy.json - 'os_compute_api:server-metadata:show'
  • 17. OpenStack Compute - Policy.json - 'os_compute_api:os-personality:discoverable'
  • 18. OpenStack Compute - Policy.json - 'compute_extension:flavor_access:removeTenantAccess'
  • 19. OpenStack Compute - Policy.json - 'os_compute_api:os-extended-server-attributes'
  • 2. OpenStack Compute - Policy.json - 'os_compute_api:servers:stop'
  • 20. OpenStack Compute - Policy.json - 'os_compute_api:os-cells:sync_instances'
  • 21. OpenStack Compute - Policy.json - 'os_compute_api:os-aggregates:index'
  • 22. OpenStack Compute - Policy.json - 'compute_extension:cells:delete'
  • 23. OpenStack Compute - Policy.json - 'context_is_admin'
  • 24. OpenStack Compute - Policy.json - 'os_compute_api:os-aggregates:update'
  • 25. OpenStack Compute - Policy.json - 'os_compute_api:os-migrate-server:migrate'
  • 26. OpenStack Compute - Policy.json - 'compute_extension:admin_actions'
  • 27. OpenStack Compute - Policy.json - 'admin_api'
  • 28. OpenStack Compute - Policy.json - 'os_compute_api:os-availability-zone:detail'
  • 29. OpenStack Compute - Policy.json - 'os_compute_api:os-security-group-default-rules'
  • 3. OpenStack Compute - Policy.json - 'os_compute_api:os-assisted-volume-snapshots:create'
  • 30. OpenStack Compute - Policy.json - 'os_compute_api:os-pci:detail'
  • 31. OpenStack Compute - Policy.json - 'os_compute_api:os-agents'
  • 32. OpenStack Compute - Policy.json - 'os_compute_api:os-cells:create'
  • 33. OpenStack Compute - Policy.json - 'compute_extension:cells:update'
  • 34. OpenStack Compute - Policy.json - 'compute_extension:instance_usage_audit_log'
  • 35. OpenStack Compute - Policy.json - 'compute_extension:cloudpipe_update'
  • 36. OpenStack Compute - Policy.json - 'os_compute_api:os-admin-actions:reset_network'
  • 37. OpenStack Compute - Policy.json - 'compute_extension:flavorextraspecs:update'
  • 38. OpenStack Compute - Policy.json - 'default'
  • 39. OpenStack Compute - Policy.json - 'os_compute_api:os-instance-actions:events'
  • 4. OpenStack Compute - Policy.json - 'os_compute_api:os-suspend-server:resume'
  • 40. OpenStack Compute - Policy.json - 'compute_extension:aggregates'
  • 41. OpenStack Compute - Policy.json - 'os_compute_api:os-aggregates:set_metadata'
  • 42. OpenStack Compute - Policy.json - 'os_compute_api:os-cells:update'
  • 43. OpenStack Compute - Policy.json - 'os_compute_api:os-hypervisors'
  • 44. OpenStack Compute - Policy.json - 'compute_extension:agents'
  • 45. OpenStack Compute - Policy.json - 'os_compute_api:os-admin-actions:inject_network_info'
  • 46. OpenStack Compute - Policy.json - 'os_compute_api:os-services'
  • 47. OpenStack Compute - Policy.json - 'compute_extension:availability_zone:detail'
  • 48. OpenStack Compute - Policy.json - 'os_compute_api:os-hosts'
  • 49. OpenStack Compute - Policy.json - 'compute_extension:baremetal_nodes'
  • 5. OpenStack Compute - Policy.json - 'os_compute_api:os-migrate-server:migrate_live'
  • 50. OpenStack Compute - Policy.json - 'compute_extension:cells'
  • 51. OpenStack Compute - Policy.json - 'os_compute_api:os-flavor-extra-specs:update'
  • 52. OpenStack Compute - Policy.json - 'os_compute_api:ips:show'
  • 53. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:resetState'
  • 54. OpenStack Compute - Policy.json - 'os_compute_api:os-simple-tenant-usage:list'
  • 55. OpenStack Compute - Policy.json - 'compute_extension:flavormanage'
  • 56. OpenStack Compute - Policy.json - 'os_compute_api:server-metadata:delete'
  • 57. OpenStack Compute - Policy.json - 'compute_extension:fixed_ips'
  • 58. OpenStack Compute - Policy.json - 'compute_extension:fping:all_tenants'
  • 59. OpenStack Compute - Policy.json - 'compute_extension:os-assisted-volume-snapshots:delete'
  • 6. OpenStack Compute - Policy.json - 'os_compute_api:os-aggregates:delete'
  • 60. OpenStack Compute - Policy.json - 'compute_extension:services'
  • 61. OpenStack Compute - Policy.json - 'compute_extension:users'
  • 62. OpenStack Compute - Policy.json - 'os_compute_api:os-migrations:index'
  • 63. OpenStack Compute - Policy.json - 'os_compute_api:os-pause-server:unpause'
  • 64. OpenStack Compute - Policy.json - 'compute_extension:used_limits_for_admin'
  • 65. OpenStack Compute - Policy.json - 'os_compute_api:os-quota-sets:delete'
  • 66. OpenStack Compute - Policy.json - 'os_compute_api:os-pci:show'
  • 67. OpenStack Compute - Policy.json - 'os_compute_api:os-pause-server:pause'
  • 68. OpenStack Compute - Policy.json - 'os_compute_api:os-instance-usage-audit-log'
  • 69. OpenStack Compute - Policy.json - 'os_compute_api:os-hide-server-addresses'
  • 7. OpenStack Compute - Policy.json - 'compute_extension:cells:sync_instances'
  • 70. OpenStack Compute - Policy.json - 'compute_extension:os-assisted-volume-snapshots:create'
  • 71. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:lock'
  • 72. OpenStack Compute - Policy.json - 'os_compute_api:os-aggregates:remove_host'
  • 73. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:unlock'
  • 74. OpenStack Compute - Policy.json - 'compute_extension:networks'
  • 75. OpenStack Compute - Policy.json - 'os_compute_api:server-metadata:create'
  • 76. OpenStack Compute - Policy.json - 'compute_extension:simple_tenant_usage:list'
  • 77. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:migrateLive'
  • 78. OpenStack Compute - Policy.json - 'os_compute_api:os-assisted-volume-snapshots:delete'
  • 79. OpenStack Compute - Policy.json - 'compute:stop'
  • 8. OpenStack Compute - Policy.json - 'os_compute_api:os-tenant-networks'
  • 80. OpenStack Compute - Policy.json - 'compute_extension:hosts'
  • 81. OpenStack Compute - Policy.json - 'os_compute_api:os-suspend-server:suspend'
  • 82. OpenStack Compute - Policy.json - 'os_compute_api:os-networks'
  • 83. OpenStack Compute - Policy.json - 'compute_extension:networks_associate'
  • 84. OpenStack Compute - Policy.json - 'os_compute_api:os-flavor-manage'
  • 85. OpenStack Compute - Policy.json - 'compute_extension:console_auth_tokens'
  • 86. OpenStack Compute - Policy.json - 'os_compute_api:os-shelve:shelve_offload'
  • 87. OpenStack Compute - Policy.json - 'os_compute_api:os-quota-sets:detail'
  • 88. OpenStack Compute - Policy.json - 'compute_extension:cloudpipe'
  • 89. OpenStack Compute - Policy.json - 'os_compute_api:servers:start'
  • 9. OpenStack Compute - Policy.json - 'os_compute_api:os-pci:index'
  • 90. OpenStack Compute - Policy.json - 'os_compute_api:os-admin-actions'
  • 91. OpenStack Compute - Policy.json - 'os_compute_api:server-metadata:index'
  • 92. OpenStack Compute - Policy.json - 'compute_extension:hypervisors'
  • 93. OpenStack Compute - Policy.json - 'os_compute_api:os-fping:all_tenants'
  • 94. OpenStack Compute - Policy.json - 'compute_extension:admin_actions:injectNetworkInfo'
  • 95. OpenStack Compute - Policy.json - 'compute_extension:shelveOffload'
  • 96. OpenStack Compute - Policy.json - 'os_compute_api:os-preserve-ephemeral-rebuild:discoverable'
  • 97. OpenStack Compute - Policy.json - 'cells_scheduler_filter:TargetCellFilter'
  • 98. OpenStack Compute - Policy.json - 'os_compute_api:os-cloudpipe'
  • 99. OpenStack Compute - Policy.json - 'os_compute_api:os-used-limits'
  • OpenStack Compute - keystone used for authentication
Revision 1.21

Apr 12, 2023

Miscellaneous
  • Metadata updated.
Revision 1.20

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.19

Dec 7, 2022

Miscellaneous
  • Variables updated.
Revision 1.18

Apr 25, 2022

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.17

Feb 1, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.16

Oct 5, 2020

Functional Update
  • OpenStack Compute - Nova communicates with Glance securely
  • OpenStack Compute - secure protocol used for authentication
Miscellaneous
  • Platform check updated.
Revision 1.15

Sep 29, 2020

Miscellaneous
  • References updated.
Revision 1.14

Jul 14, 2020

Miscellaneous
  • Metadata updated.