--all-tenants would only be turned on if --tenant was specified, not a general default. Do you see that causing any problems for non trivial clouds?
Chris On Tue, Oct 15, 2013 at 7:26 PM, Robert Collins <robe...@robertcollins.net>wrote: > Please don't invert the bug though: if --all-tenants becomes the > default nova server behaviour in v3, please ensure there is a > --no-all-tenants to unbreak it for non-trivial clouds. > > Thanks! > -Rob > > On 15 October 2013 20:54, Lingxian Kong <anlin.k...@gmail.com> wrote: > > then, what's the conclusion that we can begin to start? > > > > > > 2013/10/15 Christopher Yeoh <cbky...@gmail.com> > >> > >> On Tue, Oct 15, 2013 at 10:25 AM, Caitlin Bestler > >> <caitlin.best...@nexenta.com> wrote: > >>> > >>> On 10/14/2013 8:37 AM, Ben Nemec wrote: > >>>> > >>>> I agree that this needs to be fixed. It's very counterintuitive, if > >>>> nothing else (which is also my argument against requiring all-tenants > >>>> for admin users in the first place). The only question for me is > >>>> whether to fix it in novaclient or in Nova itself. > >>> > >>> > >>> If it is fixed in novaclient, then any unscrupulous tenant would be > able > >>> to unfix it in novaclient themselves and gain the same information > about > >>> other tenants that the bug is allowing. > >>> > >>> So if the intent is to protect leakage of information across tenant > lines > >>> then the correct solution is a real lock (i.e. in Nova) rather > >>> than just a screen door "lock". > >>> > >> > >> The novaclient fix for V2 would be simply to automatically pass > >> all-tenants where needed. It would not give a non admin user any extra > >> privileges even if they modified novaclient. > >> > >> Chris > >> > >> _______________________________________________ > >> OpenStack-dev mailing list > >> OpenStack-dev@lists.openstack.org > >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >> > > > > > > > > -- > > -------------------------------------------- > > Lingxian Kong > > Huawei Technologies Co.,LTD. > > IT Product Line CloudOS PDU > > China, Xi'an > > Mobile: +86-18602962792 > > Email: konglingx...@huawei.com; anlin.k...@gmail.com > > > > _______________________________________________ > > OpenStack-dev mailing list > > OpenStack-dev@lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > > -- > Robert Collins <rbtcoll...@hp.com> > Distinguished Technologist > HP Converged Cloud > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
