[openstack-dev] [openstack][magnum]Create trustee user for each bay

大塚元央 yuanying at oeilvert.org
Thu Dec 24 08:20:57 UTC 2015

Hi, Hua.

I agree with you if trust_id is secret.
But I think trust_id is not a secret.
User can know trustee_user_name and trustee_password from k8s/swarm
If user knows about other user's trust_id, user can use a other user's
swift resources.
This wii be a security risk.


2015年12月24日(木) 16:49 王华 <wanghua.humble at gmail.com>:

> Hi all,
> I want to create a trustee user for each bay [1]. The discussion for trust
> is in [2].
> Here is my solution:
> I don't create a user for each bay. All the bays no matter who creates it
> use the same user.
> But we create different trust for the user for different bay. The user can
> not access any service without the trust id. So there is no need to create
> a user for each bay.
> [1]
> https://blueprints.launchpad.net/magnum/+spec/create-trustee-user-for-each-bay
> [2]https://review.openstack.org/#/c/254705/
> Regards,
> Wanghua
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20151224/1d77c9b6/attachment.html>

More information about the OpenStack-dev mailing list