[openstack-dev] Nova list with all-tenants flag

Andrew Laski andrew.laski at rackspace.com
Mon Jun 17 20:57:22 UTC 2013 

On 06/17/13 at 01:30pm, Ben Nemec wrote:
>Is there ever a situation where you would use tenant_id and not want 
>all_tenants=1?  If there is then I can maybe see leaving it, but if 
>tenant_id implies all_tenants=1 then IMHO it's rather poor to force 
>the user to remember to set it.

I tend to agree with Chris that all_tenants should still be required, 
unless we want to get rid of all_tenants entirely.  I don't see why 
--tenant should imply it, but other admin only search options like 
status/flavor/host wouldn't.

>
>To be honest, as someone fairly new to OpenStack I found it very 
>unintuitive that a request made as an admin user doesn't behave as 
>though it came from an admin unless an extra option is set.  By way 
>of analogy, I feel like this would be similar to if vim required you 
>to do "# vim --as-root some-file" to edit a file as root.  I already 
>authenticated as root (or admin), why are you forcing me to reiterate 
>that I am?  If I don't want admin privileges I won't use an admin 
>user.

This feels like the heart of the issue to me.  Are there use cases for 
an admin user to not use those admin privileges unless specifically 
asked for, or would it be better to assume an admin user is always 
acting as an admin?  And if we can come to some consensus on that we 
should be consistent with that policy across all API requests and client 
commands.


>
>/my 2 cents
>
>-Ben
>
>On 2013-06-17 12:12, Chris Behrens wrote:
>>The original intent behind 'all_tenants=1' was whether or not to
>>include all instances for all tenants in the filtering process.
>>Basically it means "Should I operate as admin or not?". I still view
>>it this way, and would prefer it still mean this (although it might be
>>more clear with a different name).
>>
>>This means that if you're an admin… you're not treated as one UNTIL
>>you specify all_tenants=1. So technically I think specifying a
>>'tenant_id' filter should raise or do whatever it does for a normal
>>user. I don't think specifying a 'tenant_id' filter should mean that
>>we automatically turn 'all_tenants' on.
>>
>>I don't see the bug deal in needing to remember to use all_tenants=1
>>so that all instances will be filtered, not just the instances belong
>>to the admin user.
>>
>>My opinion,
>>
>>- Chris
>>
>>On Jun 16, 2013, at 11:09 PM, Aarti Mahesh Kriplani
>><aarti.kriplani at RACKSPACE.COM> wrote:
>>
>>>Hello all,
>>>
>>>There have been a few contrasting views on this bug
>>>[1]<https://bugs.launchpad.net/nova/+bug/1185290 [1]>.
>>>I would really like some views on how we want to use the
>>>all-tenenats flag going ahead.
>>>Comments/Suggestions?
>>>
>>>Thanks,
>>>Aarti _______________________________________________
>>>OpenStack-dev mailing list
>>>OpenStack-dev at lists.openstack.org
>>>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>>
>>Links:
>>------
>>[1] https://bugs.launchpad.net/nova/+bug/1185290
>>
>>_______________________________________________
>>OpenStack-dev mailing list
>>OpenStack-dev at lists.openstack.org
>>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>_______________________________________________
>OpenStack-dev mailing list
>OpenStack-dev at lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

More information about the OpenStack-dev mailing list