Open Stack

two questions here:
1. whther '--all-tenants' should be with '--tenant' or not.
2. can admin see other tenant's server using its name instead of id?


2013/10/16 Robert Collins <robertc at robertcollins.net>

> I think that would be fine: --tenant FOO implying 'show me results
> from FOO if I have access to that' makes total sense to me.
>
> On 16 October 2013 17:52, Christopher Yeoh <cbkyeoh at gmail.com> wrote:
> >
> > --all-tenants would only be turned on if --tenant was specified, not a
> > general default. Do you see that causing any problems for non trivial
> > clouds?
> >
> > Chris
> >
> >
> > On Tue, Oct 15, 2013 at 7:26 PM, Robert Collins <
> robertc at robertcollins.net>
> > wrote:
> >>
> >> Please don't invert the bug though: if --all-tenants becomes the
> >> default nova server behaviour in v3, please ensure there is a
> >> --no-all-tenants to unbreak it for non-trivial clouds.
> >>
> >> Thanks!
> >> -Rob
> >>
> >> On 15 October 2013 20:54, Lingxian Kong <anlin.kong at gmail.com> wrote:
> >> > then, what's the conclusion that we can begin to start?
> >> >
> >> >
> >> > 2013/10/15 Christopher Yeoh <cbkyeoh at gmail.com>
> >> >>
> >> >> On Tue, Oct 15, 2013 at 10:25 AM, Caitlin Bestler
> >> >> <caitlin.bestler at nexenta.com> wrote:
> >> >>>
> >> >>> On 10/14/2013 8:37 AM, Ben Nemec wrote:
> >> >>>>
> >> >>>> I agree that this needs to be fixed.  It's very counterintuitive,
> if
> >> >>>> nothing else (which is also my argument against requiring
> all-tenants
> >> >>>> for admin users in the first place).  The only question for me is
> >> >>>> whether to fix it in novaclient or in Nova itself.
> >> >>>
> >> >>>
> >> >>> If it is fixed in novaclient, then any unscrupulous tenant would be
> >> >>> able
> >> >>> to unfix it in novaclient themselves and gain the same information
> >> >>> about
> >> >>> other tenants that the bug is allowing.
> >> >>>
> >> >>> So if the intent is to protect leakage of information across tenant
> >> >>> lines
> >> >>> then the correct solution is a real lock (i.e. in Nova) rather
> >> >>> than just a screen door "lock".
> >> >>>
> >> >>
> >> >> The novaclient fix for V2 would be simply to automatically pass
> >> >> all-tenants where needed. It would not give a non admin user any
> extra
> >> >> privileges even if they modified novaclient.
> >> >>
> >> >> Chris
> >> >>
> >> >> _______________________________________________
> >> >> OpenStack-dev mailing list
> >> >> OpenStack-dev at lists.openstack.org
> >> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > --------------------------------------------
> >> > Lingxian Kong
> >> > Huawei Technologies Co.,LTD.
> >> > IT Product Line CloudOS PDU
> >> > China, Xi'an
> >> > Mobile: +86-18602962792
> >> > Email: konglingxian at huawei.com; anlin.kong at gmail.com
> >> >
> >> > _______________________________________________
> >> > OpenStack-dev mailing list
> >> > OpenStack-dev at lists.openstack.org
> >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >> >
> >>
> >>
> >>
> >> --
> >> Robert Collins <rbtcollins at hp.com>
> >> Distinguished Technologist
> >> HP Converged Cloud
> >>
> >> _______________________________________________
> >> OpenStack-dev mailing list
> >> OpenStack-dev at lists.openstack.org
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
>
>
> --
> Robert Collins <rbtcollins at hp.com>
> Distinguished Technologist
> HP Converged Cloud
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
*---------------------------------------*
*Lingxian Kong*
Huawei Technologies Co.,LTD.
IT Product Line CloudOS PDU
China, Xi'an
Mobile: +86-18602962792
Email: konglingxian at huawei.com; anlin.kong at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131020/aa048e76/attachment.html>