Open Stack

On 05/13/2013 11:25 AM, Jorge Williams wrote:
> On May 13, 2013, at 9:43 AM, Jay Pipes wrote:
> 
>> On 05/11/2013 01:48 PM, Jorge Williams wrote:
>>> Hey Guys,
>>>
>>> Sorry to come into the conversation a bit late.
>>>
>>> One of the reasons for having the tenatId in the URI is that it allows us to easily introspect what tenant a particular resource belongs to.  You can think of the tenant as literally a container for all of the resources that belong to that tenant.  How resources are organized into tenants (or containers or projects whatever you want to call them)  is up to the operator of the OpenStack service and for big deployments these organizations can be tied to rules and polices, so it becomes important that given a certain resource we can easily tell what tenant that resource belongs to.
>>>
>>> If we are going to lose the tenant from the URI, we would need an alternative way of doing this introspection in a manner that is consistent between OpenStack APIs.  I'm not entirely married to keeping it in the tenant in the URI, but I certainly don't want to lose the ability to introspect it.
>>>
>>> Thanks,
>>
>> The X-Project-Id HTTP header would contain this information, no? Or are
>> you just requesting that all the different OpenStack projects ensure
>> this particular header is always included in responses?
> 
> Hey Jay,
> 
> As I understand it, the X-Project-Id tells you the project that the user has access to, not the project that the resource belongs to.

The X-Tenant-Id/X-Project-Id header should be exactly the same as the
tenant ID immediately after the version in the URIs of Nova and
Keystone. Isn't that what you are talking about above?

Best,
-jay