Hi, Hua. I agree with you if trust_id is secret. But I think trust_id is not a secret. User can know trustee_user_name and trustee_password from k8s/swarm instances. If user knows about other user's trust_id, user can use a other user's swift resources. This wii be a security risk.
Thanks -yuanying 2015年12月24日(木) 16:49 王华 <wanghua.hum...@gmail.com>: > Hi all, > > I want to create a trustee user for each bay [1]. The discussion for trust > is in [2]. > > Here is my solution: > I don't create a user for each bay. All the bays no matter who creates it > use the same user. > But we create different trust for the user for different bay. The user can > not access any service without the trust id. So there is no need to create > a user for each bay. > > > [1] > https://blueprints.launchpad.net/magnum/+spec/create-trustee-user-for-each-bay > [2]https://review.openstack.org/#/c/254705/ > > Regards, > Wanghua > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
