two questions here: 1. whther '--all-tenants' should be with '--tenant' or not. 2. can admin see other tenant's server using its name instead of id?
2013/10/16 Robert Collins <[email protected]> > I think that would be fine: --tenant FOO implying 'show me results > from FOO if I have access to that' makes total sense to me. > > On 16 October 2013 17:52, Christopher Yeoh <[email protected]> wrote: > > > > --all-tenants would only be turned on if --tenant was specified, not a > > general default. Do you see that causing any problems for non trivial > > clouds? > > > > Chris > > > > > > On Tue, Oct 15, 2013 at 7:26 PM, Robert Collins < > [email protected]> > > wrote: > >> > >> Please don't invert the bug though: if --all-tenants becomes the > >> default nova server behaviour in v3, please ensure there is a > >> --no-all-tenants to unbreak it for non-trivial clouds. > >> > >> Thanks! > >> -Rob > >> > >> On 15 October 2013 20:54, Lingxian Kong <[email protected]> wrote: > >> > then, what's the conclusion that we can begin to start? > >> > > >> > > >> > 2013/10/15 Christopher Yeoh <[email protected]> > >> >> > >> >> On Tue, Oct 15, 2013 at 10:25 AM, Caitlin Bestler > >> >> <[email protected]> wrote: > >> >>> > >> >>> On 10/14/2013 8:37 AM, Ben Nemec wrote: > >> >>>> > >> >>>> I agree that this needs to be fixed. It's very counterintuitive, > if > >> >>>> nothing else (which is also my argument against requiring > all-tenants > >> >>>> for admin users in the first place). The only question for me is > >> >>>> whether to fix it in novaclient or in Nova itself. > >> >>> > >> >>> > >> >>> If it is fixed in novaclient, then any unscrupulous tenant would be > >> >>> able > >> >>> to unfix it in novaclient themselves and gain the same information > >> >>> about > >> >>> other tenants that the bug is allowing. > >> >>> > >> >>> So if the intent is to protect leakage of information across tenant > >> >>> lines > >> >>> then the correct solution is a real lock (i.e. in Nova) rather > >> >>> than just a screen door "lock". > >> >>> > >> >> > >> >> The novaclient fix for V2 would be simply to automatically pass > >> >> all-tenants where needed. It would not give a non admin user any > extra > >> >> privileges even if they modified novaclient. > >> >> > >> >> Chris > >> >> > >> >> _______________________________________________ > >> >> OpenStack-dev mailing list > >> >> [email protected] > >> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >> >> > >> > > >> > > >> > > >> > -- > >> > -------------------------------------------- > >> > Lingxian Kong > >> > Huawei Technologies Co.,LTD. > >> > IT Product Line CloudOS PDU > >> > China, Xi'an > >> > Mobile: +86-18602962792 > >> > Email: [email protected]; [email protected] > >> > > >> > _______________________________________________ > >> > OpenStack-dev mailing list > >> > [email protected] > >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >> > > >> > >> > >> > >> -- > >> Robert Collins <[email protected]> > >> Distinguished Technologist > >> HP Converged Cloud > >> > >> _______________________________________________ > >> OpenStack-dev mailing list > >> [email protected] > >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > > > > _______________________________________________ > > OpenStack-dev mailing list > > [email protected] > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > > -- > Robert Collins <[email protected]> > Distinguished Technologist > HP Converged Cloud > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- *---------------------------------------* *Lingxian Kong* Huawei Technologies Co.,LTD. IT Product Line CloudOS PDU China, Xi'an Mobile: +86-18602962792 Email: [email protected]; [email protected]
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
