Hi Dolph

Thanks for the idea. Is this approach used somewhere for a use case similar to the one I described? If so, please point it out. Thanks

Filip

On 07/10/2015 04:57 PM, Dolph Mathews wrote:
How about using domain-based role assignments in keystone and requiring domain-level authorization in policy, and then only returning data about the collection of tenants that belong to the authorized domain? That way you don't have an API that violates multi-tenant isolation, consumable only by cloud operators.

On Wed, Jul 8, 2015 at 6:27 AM, Filip Blaha <[email protected]> wrote:

    Hi all,

    I started to implement bp [1]. The problem is that congress needs
    data about environments from all tenants, but the murano API lists
    only environments of the user's current tenant. We decided to
    implement it similarly to listing servers in nova, where there is a
    query parameter all_tenants=true for that (the user must be admin).
    I have 2 questions about that:

    1) Are there any security concerns about this approach?
    2) Does someone have a better idea of how to implement this?

    [1]
    https://blueprints.launchpad.net/murano/+spec/murano-api-all-tenants-search

    Regards
    Filip



    __________________________________________________________________________
    OpenStack Development Mailing List (not for usage questions)
    Unsubscribe:
    [email protected]?subject:unsubscribe
    <http://[email protected]?subject:unsubscribe>
    http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
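
An added example (not code from Murano, Keystone or this thread) of the domain-scoped listing suggested above: the cross-tenant filter is derived from the token's domain scope rather than from a global admin flag. The `Context` class, the `admin` role name on a domain, and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: which domain owns each tenant, and the environments.
PROJECT_DOMAIN = {"p1": "dom-a", "p2": "dom-a", "p3": "dom-b"}
ENVIRONMENTS = [
    {"id": "env-1", "tenant_id": "p1"},
    {"id": "env-2", "tenant_id": "p2"},
    {"id": "env-3", "tenant_id": "p3"},
]


class Forbidden(Exception):
    """Raised when the caller's token scope does not authorize the request."""


@dataclass(frozen=True)
class Context:
    """Hypothetical stand-in for already-validated token data."""
    roles: frozenset
    project_id: Optional[str] = None  # set on project-scoped tokens
    domain_id: Optional[str] = None   # set on domain-scoped tokens


def list_environments(ctx, all_tenants=False):
    """Return the environments the caller is authorized to see."""
    if not all_tenants:
        # Default behaviour: only the caller's current tenant.
        if ctx.project_id is None:
            raise Forbidden("a project-scoped token is required")
        return [e for e in ENVIRONMENTS if e["tenant_id"] == ctx.project_id]

    # Cross-tenant listing needs domain-level authorization: a project-scoped
    # admin token is rejected, so isolation between domains is preserved.
    if ctx.domain_id is None or "admin" not in ctx.roles:
        raise Forbidden("all_tenants requires admin on a domain-scoped token")

    # The tenant set comes from the token's domain, never from request input.
    allowed = {p for p, d in PROJECT_DOMAIN.items() if d == ctx.domain_id}
    return [e for e in ENVIRONMENTS if e["tenant_id"] in allowed]


if __name__ == "__main__":
    domain_admin = Context(roles=frozenset({"admin"}), domain_id="dom-a")
    print([e["id"] for e in list_environments(domain_admin, all_tenants=True)])
```

A service such as congress would then authenticate with a domain-scoped token and receive only the environments of tenants in that domain.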



