<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small"><br></div><div class="gmail_extra"><br><div class="gmail_quote">2014-02-25 11:25 GMT+08:00 Dong Liu <span dir="ltr"><<a href="mailto:willowd878@gmail.com" target="_blank">willowd878@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Thanks Jay, now I know maybe neutron will not handle tenant creating/deleting notifications which from keystone.<br>
<br>
There is another question, such as creating subnet request body:<br>
{<br>
"subnet": {<br>
"name": "test_subnet",<br>
"enable_dhcp": true,<br>
"network_id": "57596b26-080d-4802-8cce-<u></u>4318b7e543d5",<br>
"ip_version": 4,<br>
"cidr": "<a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a>",<br>
"tenant_id": "<u></u>4209c294d1bb4c36acdfaa885075e0<u></u>f1"<br></blockquote><div><br></div><div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small">So, this is exactly what I mean for 'temant_id' here that should be validated. </div>
</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:x-small">I insist this could be done via some middleware or else.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
}<br>
}<br>
As we know, the tenant_id can only be specified by admin tenant.<br>
<br>
In my test, the tenant_id I filled in the body can be any string (e.g., a name, an uuid, etc.) But I think this tenant existence (I mean if the tenant exists in keystone) should be verified, if not, the subnet I created will be an useless resource.<br>
<br>
Regards,<br>
Dong Liu<div class=""><div class="h5"><br>
<br>
On 2014-02-25 0:22, Jay Pipes Wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
On Mon, 2014-02-24 at 16:23 +0800, Lingxian Kong wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
I think 'tenant_id' should always be validated when creating neutron<br>
resources, whether or not Neutron can handle the notifications from<br>
Keystone when tenant is deleted.<br>
</blockquote>
<br>
-1<br>
<br>
Personally, I think this cross-service request is likely too expensive<br>
to do on every single request to Neutron. It's already expensive enough<br>
to use Keystone when not using PKI tokens, and adding another round trip<br>
to Keystone for this kind of thing is not appealing to me. The tenant is<br>
already "validated" when it is used to get the authentication token used<br>
in requests to Neutron, so other than the scenarios where a tenant is<br>
deleted in Keystone (which, with notifications in Keystone, there is now<br>
a solution for), I don't see much value in the extra expense this would<br>
cause.<br>
<br>
Best,<br>
-jay<br>
<br>
<br>
<br>
______________________________<u></u>_________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.<u></u>org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-dev</a><br>
<br>
</blockquote>
<br>
______________________________<u></u>_________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.<u></u>org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div><b><font color="#000000" style="background-color:rgb(243,243,243)" face="courier new, monospace">---------------------------------------</font></b></div>
<div><font color="#0000ff" face="comic sans ms, sans-serif"><b>Lingxian Kong</b></font></div><div><font color="#ff00ff" face="comic sans ms, sans-serif">Huawei Technologies Co.,LTD.</font></div><div><font color="#ff00ff" face="comic sans ms, sans-serif">IT Product Line CloudOS PDU</font></div>
<div><font color="#ff00ff" face="comic sans ms, sans-serif">China, Xi'an</font></div><div><font color="#ff00ff" face="comic sans ms, sans-serif">Mobile: +86-18602962792</font></div><div><font color="#ff00ff" face="comic sans ms, sans-serif">Email: <a href="mailto:konglingxian@huawei.com" target="_blank">konglingxian@huawei.com</a>; <a href="mailto:anlin.kong@gmail.com" target="_blank">anlin.kong@gmail.com</a></font></div>
</div>
</div></div>