<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">1) This does raise a security concern. We can however cover it with a separate policy-based permission, that would check if a user can view all tenants. nova seem to do so, see: <a href="https://github.com/openstack/nova/blob/4209d0140774adf3e162b7bde3cbd6b417065dd5/etc/nova/policy.json#L13">https://github.com/openstack/nova/blob/4209d0140774adf3e162b7bde3cbd6b417065dd5/etc/nova/policy.json#L13</a></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">2) Will give it some thought, but it does seem like an ok practice.</div> <br> <div id="bloop_sign_1436357357512638208" class="bloop_sign"><div style="font-family:helvetica,arial;font-size:13px">-- <br>Kirill Zaitsev<br>Murano team</div><div style="font-family:helvetica,arial;font-size:13px">Software Engineer</div><div style="font-family:helvetica,arial;font-size:13px">Mirantis, Inc</div></div> <br><p class="airmail_on" style="color:#000;">On 8 Jul 2015 at 14:44:51, Filip Blaha (<a href="mailto:filip.blaha@hp.com">filip.blaha@hp.com</a>) wrote:</p> <blockquote type="cite" class="clean_bq"><span><div><div></div><div>Hi all,
<br>
<br>I started implement bp [1]. Problem is that congress needs data about
<br>environments from all tenants but murano API lists only environments of
<br>user's current tenant. We decided to ipmplement it similarly like
<br>listing servers in nova where is query parameter all_tenants=true for
<br>that (user must be admin) I have 2 questions about that:
<br>
<br>1) Are there any security concerns about this approach?
<br>2) Has someone better idea how to implement this?
<br>
<br>[1]
<br>https://blueprints.launchpad.net/murano/+spec/murano-api-all-tenants-search
<br>
<br>Regards
<br>Filip
<br>
<br>
<br>
<br>__________________________________________________________________________
<br>OpenStack Development Mailing List (not for usage questions)
<br>Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
<br>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
<br></div></div></span></blockquote></body></html>