On 06/17/13 at 01:30pm, Ben Nemec wrote:
Is there ever a situation where you would use tenant_id and not want
all_tenants=1? If there is then I can maybe see leaving it, but if
tenant_id implies all_tenants=1 then IMHO it's rather poor to force
the user to remember to set it.
I tend to agree with Chris that all_tenants should still be required,
unless we want to get rid of all_tenants entirely. I don't see why
--tenant should imply it, but other admin only search options like
status/flavor/host wouldn't.
To be honest, as someone fairly new to OpenStack I found it very
unintuitive that a request made as an admin user doesn't behave as
though it came from an admin unless an extra option is set. By way
of analogy, I feel like this would be similar to if vim required you
to do "# vim --as-root some-file" to edit a file as root. I already
authenticated as root (or admin), why are you forcing me to reiterate
that I am? If I don't want admin privileges I won't use an admin
user.
This feels like the heart of the issue to me. Are there use cases for
an admin user to not use those admin privileges unless specifically
asked for, or would it be better to assume an admin user is always
acting as an admin? And if we can come to some consensus on that we
should be consistent with that policy across all API requests and client
commands.
/my 2 cents
-Ben
On 2013-06-17 12:12, Chris Behrens wrote:
The original intent behind 'all_tenants=1' was whether or not to
include all instances for all tenants in the filtering process.
Basically it means "Should I operate as admin or not?". I still view
it this way, and would prefer it still mean this (although it might be
more clear with a different name).
This means that if you're an admin… you're not treated as one UNTIL
you specify all_tenants=1. So technically I think specifying a
'tenant_id' filter should raise or do whatever it does for a normal
user. I don't think specifying a 'tenant_id' filter should mean that
we automatically turn 'all_tenants' on.
I don't see the bug deal in needing to remember to use all_tenants=1
so that all instances will be filtered, not just the instances belong
to the admin user.
My opinion,
- Chris
On Jun 16, 2013, at 11:09 PM, Aarti Mahesh Kriplani
<aarti.kripl...@rackspace.com> wrote:
Hello all,
There have been a few contrasting views on this bug
[1]<https://bugs.launchpad.net/nova/+bug/1185290 [1]>.
I would really like some views on how we want to use the
all-tenenats flag going ahead.
Comments/Suggestions?
Thanks,
Aarti _______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Links:
------
[1] https://bugs.launchpad.net/nova/+bug/1185290
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
