On Mon, 2014-02-24 at 16:23 +0800, Lingxian Kong wrote: > I think 'tenant_id' should always be validated when creating neutron > resources, whether or not Neutron can handle the notifications from > Keystone when tenant is deleted.
-1 Personally, I think this cross-service request is likely too expensive to do on every single request to Neutron. It's already expensive enough to use Keystone when not using PKI tokens, and adding another round trip to Keystone for this kind of thing is not appealing to me. The tenant is already "validated" when it is used to get the authentication token used in requests to Neutron, so other than the scenarios where a tenant is deleted in Keystone (which, with notifications in Keystone, there is now a solution for), I don't see much value in the extra expense this would cause. Best, -jay _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev