[openstack-dev] [Neutron][Keystone] [Nova] How to validate teanant-id for admin operation
Eichberger, German
german.eichberger at hp.com
Fri Apr 24 16:53:35 UTC 2015
All,
Following up from the last Neutron meeting:
If Neutron is performing an operation as an admin on behalf of a user that user's tenant-id (or project-id) isn't validated - in particular an admin can mistype and create object on behalf of non existent users. I am wondering how other projects (e.g. Nova) deal with that and if there is some API support in keystone to save us a round trip (e.g. authenticate admin + validate additional user-id).
Thanks,
German
More information about the OpenStack-dev
mailing list