Please don't invert the bug though: if --all-tenants becomes the default nova server behaviour in v3, please ensure there is a --no-all-tenants to unbreak it for non-trivial clouds.
Thanks! -Rob On 15 October 2013 20:54, Lingxian Kong <[email protected]> wrote: > then, what's the conclusion that we can begin to start? > > > 2013/10/15 Christopher Yeoh <[email protected]> >> >> On Tue, Oct 15, 2013 at 10:25 AM, Caitlin Bestler >> <[email protected]> wrote: >>> >>> On 10/14/2013 8:37 AM, Ben Nemec wrote: >>>> >>>> I agree that this needs to be fixed. It's very counterintuitive, if >>>> nothing else (which is also my argument against requiring all-tenants >>>> for admin users in the first place). The only question for me is >>>> whether to fix it in novaclient or in Nova itself. >>> >>> >>> If it is fixed in novaclient, then any unscrupulous tenant would be able >>> to unfix it in novaclient themselves and gain the same information about >>> other tenants that the bug is allowing. >>> >>> So if the intent is to protect leakage of information across tenant lines >>> then the correct solution is a real lock (i.e. in Nova) rather >>> than just a screen door "lock". >>> >> >> The novaclient fix for V2 would be simply to automatically pass >> all-tenants where needed. It would not give a non admin user any extra >> privileges even if they modified novaclient. >> >> Chris >> >> _______________________________________________ >> OpenStack-dev mailing list >> [email protected] >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > > -- > -------------------------------------------- > Lingxian Kong > Huawei Technologies Co.,LTD. > IT Product Line CloudOS PDU > China, Xi'an > Mobile: +86-18602962792 > Email: [email protected]; [email protected] > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Robert Collins <[email protected]> Distinguished Technologist HP Converged Cloud _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
