[openstack-helm] switching to using service's user for requests
Mohammed Naser
mnaser at vexxhost.com
Sun Feb 12 17:54:44 UTC 2023
Hi team,
I'm wondering if it makes sense for us to make a change in all of OpenStack
Helm's code in order to make it use the service user for all requests.
For example, right now, we are using the placement user in the
`[placement]` section in Neutron, or the Neutron user in the `[neutron]`
section in Nova. However, all of these users have the same
exact role and permissions, so I believe it would help a lot in locking
down services (let's say placement gets compromised, you can lock it's user
only).
I also think it will significantly simplify all of our code for endpoints
for the different services, since we'll just be re-using the same
credentials.
Let me know what everyone thinks.
Thanks,
Mohammed
--
Mohammed Naser
VEXXHOST, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230212/658423c4/attachment.htm>
More information about the openstack-discuss
mailing list