[nova][api] Behaviour of project_id validation

Surya Seetharaman surya.seetharaman9 at gmail.com
Wed Nov 27 09:35:43 UTC 2019

On Tue, Nov 26, 2019 at 9:26 PM Matt Riedemann <mriedemos at gmail.com> wrote:

> Note that the APIs that would change are admin-only by default. So in
> this case nova is configured with a service user to check if the
> requested project_id exists on behalf of the (admin) user making the
> compute API request to add/remove flavor access (or update quota values
> for a project). The service user does not have enough permissions in
> keystone to check if the project exists. Option 1 is give that service
> user more authority. Option 2 is basically re-raise that error to the
> compute (admin) user to let them know they basically need to fix their
> deployment (option 1 again).
A combo of both solutions where we raise the error to the user and amend
our docs to help them fix it seems good to me.

> I don't think a microversion is necessary for this



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20191127/13a0b20e/attachment.html>

More information about the openstack-discuss mailing list