[openstack-dev] [Neutron][Keystone] [Nova] How to validate teanant-id for admin operation

Eichberger, German german.eichberger at hp.com
Fri Apr 24 16:53:35 UTC 2015


Following up from the last Neutron meeting:

If Neutron is performing an operation as an admin on behalf of a user that user's tenant-id (or project-id) isn't validated - in particular an admin can mistype and create object on behalf of non existent users. I am wondering how other projects (e.g. Nova) deal with that and if there is some API support in keystone to save us a round trip (e.g. authenticate admin + validate additional user-id).


More information about the OpenStack-dev mailing list