[openstack-dev] [novaclient]should administrator can see all servers of all tenants by default?

Christopher Yeoh cbkyeoh at gmail.com
Wed Oct 16 04:52:40 UTC 2013


--all-tenants would only be turned on if --tenant was specified, not a
general default. Do you see that causing any problems for non trivial
clouds?

Chris


On Tue, Oct 15, 2013 at 7:26 PM, Robert Collins
<robertc at robertcollins.net> wrote:

> Please don't invert the bug though: if --all-tenants becomes the
> default nova server behaviour in v3, please ensure there is a
> --no-all-tenants to unbreak it for non-trivial clouds.
>
> Thanks!
> -Rob
>
> On 15 October 2013 20:54, Lingxian Kong <anlin.kong at gmail.com> wrote:
> > then, what's the conclusion that we can begin to start?
> >
> >
> > 2013/10/15 Christopher Yeoh <cbkyeoh at gmail.com>
> >>
> >> On Tue, Oct 15, 2013 at 10:25 AM, Caitlin Bestler
> >> <caitlin.bestler at nexenta.com> wrote:
> >>>
> >>> On 10/14/2013 8:37 AM, Ben Nemec wrote:
> >>>>
> >>>> I agree that this needs to be fixed.  It's very counterintuitive, if
> >>>> nothing else (which is also my argument against requiring all-tenants
> >>>> for admin users in the first place).  The only question for me is
> >>>> whether to fix it in novaclient or in Nova itself.
> >>>
> >>>
> >>> If it is fixed in novaclient, then any unscrupulous tenant would be able
> >>> to unfix it in novaclient themselves and gain the same information about
> >>> other tenants that the bug is allowing.
> >>>
> >>> So if the intent is to protect leakage of information across tenant lines
> >>> then the correct solution is a real lock (i.e. in Nova) rather
> >>> than just a screen door "lock".
> >>>
> >>
> >> The novaclient fix for V2 would be simply to automatically pass
> >> all-tenants where needed. It would not give a non admin user any extra
> >> privileges even if they modified novaclient.
> >>
> >> Chris
> >>
> >> _______________________________________________
> >> OpenStack-dev mailing list
> >> OpenStack-dev at lists.openstack.org
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >>
> >
> >
> >
> > --
> > --------------------------------------------
> > Lingxian Kong
> > Huawei Technologies Co.,LTD.
> > IT Product Line CloudOS PDU
> > China, Xi'an
> > Mobile: +86-18602962792
> > Email: konglingxian at huawei.com; anlin.kong at gmail.com
> >
> >
>
>
>
> --
> Robert Collins <rbtcollins at hp.com>
> Distinguished Technologist
> HP Converged Cloud
>
>
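The point argued in this thread, as an added example (a simplified model, not code from Nova, novaclient, or any poster): the client may add `all_tenants` for convenience, but the server decides scope from the authenticated context, so a modified client gains nothing. `RequestContext`, `client_query`, `list_servers` and the sample data are hypothetical names constructed for illustration.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when the caller asks for a scope its token does not allow."""

@dataclass(frozen=True)
class RequestContext:
    # Built by the server from the validated token, never from request parameters.
    project_id: str
    is_admin: bool

# Constructed sample data: two tenants, three servers.
SERVERS = [
    {"id": "s1", "tenant_id": "tenant-a"},
    {"id": "s2", "tenant_id": "tenant-a"},
    {"id": "s3", "tenant_id": "tenant-b"},
]

def client_query(tenant=None, all_tenants=False):
    """Client-side convenience: --tenant implies all_tenants, as proposed in the thread."""
    params = {}
    if tenant is not None:
        params["tenant_id"] = tenant
        all_tenants = True
    if all_tenants:
        params["all_tenants"] = "1"
    return params

def list_servers(ctx, params):
    """Server-side handler: the authorization decision uses ctx, not the client's flags."""
    if params.get("all_tenants") == "1":
        if not ctx.is_admin:
            raise Forbidden("all_tenants requires an admin context")
        wanted = params.get("tenant_id")
        return [s["id"] for s in SERVERS
                if wanted is None or s["tenant_id"] == wanted]
    # Default scope: only the caller's own project, whatever tenant_id was sent.
    return [s["id"] for s in SERVERS if s["tenant_id"] == ctx.project_id]
```
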