[api-sig][neutron] Question on oslo policy assertion when supplied attribute equals the default

Michael McCune msm at redhat.com
Tue Apr 23 13:33:59 UTC 2019

On Tue, Apr 23, 2019 at 3:19 AM Slawek Kaplonski <skaplons at redhat.com> wrote:
> But in some corner case it might be even patched and defaults can be different
> in some specific cloud.

after replying to Nate last night, this was the only corner case i
could think of as well. there /could/ exist a situation  where an
operator has modified the defaults such that they are not in the
upstream source, in this case the "default hunting" could be seen as
an exposure of information. whether that information is useful or not,
i am still not sure about but it's worth noting. good observation =)

> Maybe for such case we can make this new behaviour configurable? So there would
> be some config option which operator can use to disable accepting default values
> for forbidden parameters.

this sounds nice, my concern here would be that it is over-complicated
for operators but maybe i'm just getting too close to the bike shed ;)

peace o/

More information about the openstack-discuss mailing list