[openstack-dev] [Neutron]Do you think tanent_id should be verified
Jay Pipes
jaypipes at gmail.com
Mon Feb 24 16:22:02 UTC 2014
On Mon, 2014-02-24 at 16:23 +0800, Lingxian Kong wrote:
> I think 'tenant_id' should always be validated when creating neutron
> resources, whether or not Neutron can handle the notifications from
> Keystone when tenant is deleted.
-1
Personally, I think this cross-service request is likely too expensive
to do on every single request to Neutron. It's already expensive enough
to use Keystone when not using PKI tokens, and adding another round trip
to Keystone for this kind of thing is not appealing to me. The tenant is
already "validated" when it is used to get the authentication token used
in requests to Neutron, so other than the scenarios where a tenant is
deleted in Keystone (which, with notifications in Keystone, there is now
a solution for), I don't see much value in the extra expense this would
cause.
Best,
-jay
More information about the OpenStack-dev
mailing list