On Mon, Oct 21, 2013 at 1:32 AM, Lingxian Kong <anlin.k...@gmail.com> wrote:
> two questions here: > 1. whther '--all-tenants' should be with '--tenant' or not. > 2. can admin see other tenant's server using its name instead of id? > > I think a name search as well as id makes sense, though that change lies entirely within python-novaclient and could potentially take a long time and could be avoided by passing 'all_tenants 0'. btw I have submitted a series of patches (IMO some cleanup is required as well) which addresses the tenant_id/all_tenants issue: https://review.openstack.org/#/c/52007/ https://review.openstack.org/#/c/52864/ https://review.openstack.org/#/c/52919/ Chris. > 2013/10/16 Robert Collins <robe...@robertcollins.net> > >> I think that would be fine: --tenant FOO implying 'show me results >> from FOO if I have access to that' makes total sense to me. >> >> On 16 October 2013 17:52, Christopher Yeoh <cbky...@gmail.com> wrote: >> > >> > --all-tenants would only be turned on if --tenant was specified, not a >> > general default. Do you see that causing any problems for non trivial >> > clouds? >> > >> > Chris >> > >> > >> > On Tue, Oct 15, 2013 at 7:26 PM, Robert Collins < >> robe...@robertcollins.net> >> > wrote: >> >> >> >> Please don't invert the bug though: if --all-tenants becomes the >> >> default nova server behaviour in v3, please ensure there is a >> >> --no-all-tenants to unbreak it for non-trivial clouds. >> >> >> >> Thanks! >> >> -Rob >> >> >> >> On 15 October 2013 20:54, Lingxian Kong <anlin.k...@gmail.com> wrote: >> >> > then, what's the conclusion that we can begin to start? >> >> > >> >> > >> >> > 2013/10/15 Christopher Yeoh <cbky...@gmail.com> >> >> >> >> >> >> On Tue, Oct 15, 2013 at 10:25 AM, Caitlin Bestler >> >> >> <caitlin.best...@nexenta.com> wrote: >> >> >>> >> >> >>> On 10/14/2013 8:37 AM, Ben Nemec wrote: >> >> >>>> >> >> >>>> I agree that this needs to be fixed. It's very counterintuitive, >> if >> >> >>>> nothing else (which is also my argument against requiring >> all-tenants >> >> >>>> for admin users in the first place). The only question for me is >> >> >>>> whether to fix it in novaclient or in Nova itself. >> >> >>> >> >> >>> >> >> >>> If it is fixed in novaclient, then any unscrupulous tenant would be >> >> >>> able >> >> >>> to unfix it in novaclient themselves and gain the same information >> >> >>> about >> >> >>> other tenants that the bug is allowing. >> >> >>> >> >> >>> So if the intent is to protect leakage of information across tenant >> >> >>> lines >> >> >>> then the correct solution is a real lock (i.e. in Nova) rather >> >> >>> than just a screen door "lock". >> >> >>> >> >> >> >> >> >> The novaclient fix for V2 would be simply to automatically pass >> >> >> all-tenants where needed. It would not give a non admin user any >> extra >> >> >> privileges even if they modified novaclient. >> >> >> >> >> >> Chris >> >> >> >> >> >> _______________________________________________ >> >> >> OpenStack-dev mailing list >> >> >> OpenStack-dev@lists.openstack.org >> >> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> >> >> >> > >> >> > >> >> > >> >> > -- >> >> > -------------------------------------------- >> >> > Lingxian Kong >> >> > Huawei Technologies Co.,LTD. >> >> > IT Product Line CloudOS PDU >> >> > China, Xi'an >> >> > Mobile: +86-18602962792 >> >> > Email: konglingx...@huawei.com; anlin.k...@gmail.com >> >> > >> >> > _______________________________________________ >> >> > OpenStack-dev mailing list >> >> > OpenStack-dev@lists.openstack.org >> >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > >> >> >> >> >> >> >> >> -- >> >> Robert Collins <rbtcoll...@hp.com> >> >> Distinguished Technologist >> >> HP Converged Cloud >> >> >> >> _______________________________________________ >> >> OpenStack-dev mailing list >> >> OpenStack-dev@lists.openstack.org >> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > >> > >> > >> > _______________________________________________ >> > OpenStack-dev mailing list >> > OpenStack-dev@lists.openstack.org >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > >> >> >> >> -- >> Robert Collins <rbtcoll...@hp.com> >> Distinguished Technologist >> HP Converged Cloud >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > > -- > *---------------------------------------* > *Lingxian Kong* > Huawei Technologies Co.,LTD. > IT Product Line CloudOS PDU > China, Xi'an > Mobile: +86-18602962792 > Email: konglingx...@huawei.com; anlin.k...@gmail.com > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev