Reviewed: https://review.openstack.org/435432 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=1f120b5649ba03aa5b2490a82c08b77c580f12d7 Submitter: Jenkins Branch: master
commit 1f120b5649ba03aa5b2490a82c08b77c580f12d7 Author: Sean Dague <s...@dague.net> Date: Fri Feb 17 07:55:43 2017 -0500 Verify project id for flavor access calls This includes project id verification for flavor access calls. Closes-Bug: #1544989 Implements bp:validate-project-with-keystone Change-Id: I2620c3ebc2a6dc131946602f8aa36ec0b6e782e0 ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1544989 Title: Nova doesn't validate user/project is valid from keystone during admin operations Status in OpenStack Compute (nova): Fix Released Bug description: For any API call to Nova which takes a tenant_id / user_id as a parameter, and inserts it into the Nova database, no validation is done of these values. This is currently by design, largely because there is no clear way to check the existence of those users/projects. Nova has no generic credentials to do that to Keystone. It's unclear if there is a way to do this from a non admin user. Many other bugs are related to this fundamental issue for which there is no infrastructure. This includes updating quotas, adding access to flavors, etc. This will be a placeholder for all those bugs until there is some way to actually address this at the root. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1544989/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp