<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 11/12/2012 11:33 AM, Mellquist,
Peter wrote:<br>
</div>
<blockquote
cite="mid:F7DACD2842D0844DACB472968051D2E221F5E823@G4W3293.americas.hpqcorp.net"
type="cite">
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0
level1 lfo1"><span
style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span
style="mso-list:Ignore">·<span style="font:7.0pt 'Times New Roman'">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">How
are you proposing to allow cross tenant access? For example,
the case where one tenant has an admin role to access another
tenant’s resources. With existing OS APIs which organize
resources by tenant, {tenantId}/resources/… , the admin’s
tenant &amp; role are part of the Keystone headers so it is
straightforward for the service to control this. Quantum 2.0
has proposed a query param ’? tenant_id=X’ to handle this.</span></p>
</blockquote>
Heat's orchestration model is for a user to orchestrate their own
resources isolated within their own tenant. This is a design choice
rather than a technical limitation. For this reason I don't think
there is a need at this point for cross-tenant API features.<br>
<blockquote
cite="mid:F7DACD2842D0844DACB472968051D2E221F5E823@G4W3293.americas.hpqcorp.net"
type="cite">
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0
level1 lfo1"><!--[if !supportLists]--><span
style="font-size:11.0pt;font-family:Symbol;color:#1F497D"><span
style="mso-list:Ignore">·<span style="font:7.0pt 'Times New Roman'">
</span></span></span><!--[endif]--><span
style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">Do
you need to handle a use case where you would move stacks from
one tenant to another? How would this be done with no
tenant_id in the resource?</span></p>
</blockquote>
Indeed. I'm actually advocating that we always have the tenant_id in
the URL.<br>
<br>
cheers<br>
</body>
</html>