<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small">I think 'tenant_id' should always be validated when creating neutron resources, whether or not Neutron can handle the notifications from Keystone when a tenant is deleted.</div>
<div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small">Thoughts?</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">2014-02-20 20:21 GMT+08:00 Dong Liu <span dir="ltr"><<a href="mailto:willowd878@gmail.com" target="_blank">willowd878@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Dolph, thanks for the information you provided.<br>
<br>
Now I have two questions:<br>
1. Will neutron handle this event notification in the future?<br>
2. I also wish neutron could verify that tenant_id exists.<br>
<br>
thanks<br>
<br>
On 2014-02-20 4:33, Dolph Mathews wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">
There's an open bug [1] against nova & neutron to handle notifications<br>
[2] from keystone about such events. I'd love to see that happen during<br>
Juno!<br>
<br>
[1] <a href="https://bugs.launchpad.net/nova/+bug/967832" target="_blank">https://bugs.launchpad.net/nova/+bug/967832</a><br>
[2] <a href="http://docs.openstack.org/developer/keystone/event_notifications.html" target="_blank">http://docs.openstack.org/developer/keystone/event_notifications.html</a><br>
<br>
On Mon, Feb 17, 2014 at 6:35 AM, Yongsheng Gong <<a href="mailto:gongysh@unitedstack.com" target="_blank">gongysh@unitedstack.com</a><br></div><div class="">
<mailto:<a href="mailto:gongysh@unitedstack.com" target="_blank">gongysh@unitedstack.com</a>>> wrote:<br>
<br>
    It is not easy to enhance it. If we check the tenant_id on creation,<br>
    should we also do some job when keystone deletes a tenant?<br>
<br>
<br>
    On Mon, Feb 17, 2014 at 6:41 AM, Dolph Mathews<br></div><div class="">
    <<a href="mailto:dolph.mathews@gmail.com" target="_blank">dolph.mathews@gmail.com</a> <mailto:<a href="mailto:dolph.mathews@gmail.com" target="_blank">dolph.mathews@gmail.com</a>>> wrote:<br>
<br>
        keystoneclient.middleware.auth_token passes a project ID (and<br>
        name, for convenience) to the underlying application through the<br>
        WSGI environment, and already ensures that this value can not be<br>
        manipulated by the end user.<br>
<br>
        Project IDs (redundantly) passed through other means, such as<br>
        URLs, are up to the service to independently verify against<br>
        keystone (or equivalently, against the WSGI environment), but<br>
        can be directly manipulated by the end user if no checks are in<br>
        place.<br>
<br>
        Without auth_token in place to manage multitenant authorization,<br>
        I'd still expect services to blindly trust the values provided<br>
        in the environment (useful for both debugging the service and<br>
        alternative deployment architectures).<br>
<br>
        On Sun, Feb 16, 2014 at 8:52 AM, Dong Liu <<a href="mailto:willowd878@gmail.com" target="_blank">willowd878@gmail.com</a><br></div><div class="">
        <mailto:<a href="mailto:willowd878@gmail.com" target="_blank">willowd878@gmail.com</a>>> wrote:<br>
<br>
            Hi stackers:<br>
<br>
            I found that when creating network, subnet and other<br>
            resources, the attribute tenant_id<br>
            can be set by the admin tenant. But we did not verify whether<br>
            the tenant_id is real in keystone.<br>
<br>
            I know that we could use neutron without keystone, but do<br>
            you think tenant_id should<br>
            be verified when we are using neutron with keystone?<br>
<br>
            thanks<br>
            _______________________________________________<br>
            OpenStack-dev mailing list<br>
            <a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br></div>
            <mailto:<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a>><div class=""><br>
            <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
<br>
<br>
</div><div class=""><br>
<br>
<br>
<br>
</div><div class=""><br>
<br>
<br>
<br>
<br>
<br>
</div></blockquote><div class="HOEnZb"><div class="h5">
<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div><b><font color="#000000" style="background-color:rgb(243,243,243)" face="courier new, monospace">---------------------------------------</font></b></div>
<div><font color="#0000ff" face="comic sans ms, sans-serif"><b>Lingxian Kong</b></font></div><div><font color="#ff00ff" face="comic sans ms, sans-serif">Huawei Technologies Co.,LTD.</font></div><div><font color="#ff00ff" face="comic sans ms, sans-serif">IT Product Line CloudOS PDU</font></div>
<div><font color="#ff00ff" face="comic sans ms, sans-serif">China, Xi'an</font></div><div><font color="#ff00ff" face="comic sans ms, sans-serif">Mobile: +86-18602962792</font></div><div><font color="#ff00ff" face="comic sans ms, sans-serif">Email: <a href="mailto:konglingxian@huawei.com" target="_blank">konglingxian@huawei.com</a>; <a href="mailto:anlin.kong@gmail.com" target="_blank">anlin.kong@gmail.com</a></font></div>
</div>
</div>
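Added example, not part of the original thread and not Neutron's code: a sketch of the check discussed above, in which a create request's tenant_id is compared with the project ID that auth_token places in the WSGI environment, and a tenant_id supplied by an admin is checked against Keystone. The names resolve_tenant_id and project_exists, the use of the role name "admin", and the sample project IDs are assumptions made for illustration.

```python
# Added illustration; resolve_tenant_id and project_exists are hypothetical
# names, not Neutron or keystoneclient APIs.


class TenantValidationError(Exception):
    """The tenant_id in a create request must be rejected."""


def resolve_tenant_id(environ, body, project_exists=None):
    """Return the tenant_id a create request may use, or raise.

    environ: WSGI environment. auth_token sets HTTP_X_PROJECT_ID and
        HTTP_X_ROLES from the validated token, so the caller cannot forge them.
    body: resource attributes parsed from the request body (caller-controlled).
    project_exists: callable(project_id) -> bool backed by Keystone, or None
        when Neutron is deployed without Keystone and no lookup is possible.
    """
    token_project = environ.get("HTTP_X_PROJECT_ID")
    roles = {r.strip().lower() for r in environ.get("HTTP_X_ROLES", "").split(",")}
    requested = body.get("tenant_id")

    if requested is None or requested == token_project:
        if token_project is None:
            raise TenantValidationError("no tenant_id in token or request")
        return token_project
    # Assumption: the role named "admin" is what allows acting for another tenant.
    if "admin" not in roles:
        raise TenantValidationError("tenant_id differs from the token's project")
    if project_exists is not None and not project_exists(requested):
        raise TenantValidationError("tenant_id %r is unknown to Keystone" % requested)
    return requested


# Constructed sample data: two projects that exist, one admin and one member.
KNOWN_PROJECTS = {"p-admin", "p-demo"}
ADMIN_ENV = {"HTTP_X_PROJECT_ID": "p-admin", "HTTP_X_ROLES": "admin,member"}
MEMBER_ENV = {"HTTP_X_PROJECT_ID": "p-demo", "HTTP_X_ROLES": "member"}


def is_rejected(environ, body, project_exists=None):
    """True when resolve_tenant_id refuses the request."""
    try:
        resolve_tenant_id(environ, body, project_exists)
    except TenantValidationError:
        return True
    return False
```

Passing project_exists=None models the deployment without Keystone mentioned in the thread, where the admin-supplied value is accepted as given.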