I think that would be fine: --tenant FOO implying 'show me results from FOO if I have access to that' makes total sense to me.
On 16 October 2013 17:52, Christopher Yeoh <cbky...@gmail.com> wrote: > > --all-tenants would only be turned on if --tenant was specified, not a > general default. Do you see that causing any problems for non trivial > clouds? > > Chris > > > On Tue, Oct 15, 2013 at 7:26 PM, Robert Collins <robe...@robertcollins.net> > wrote: >> >> Please don't invert the bug though: if --all-tenants becomes the >> default nova server behaviour in v3, please ensure there is a >> --no-all-tenants to unbreak it for non-trivial clouds. >> >> Thanks! >> -Rob >> >> On 15 October 2013 20:54, Lingxian Kong <anlin.k...@gmail.com> wrote: >> > then, what's the conclusion that we can begin to start? >> > >> > >> > 2013/10/15 Christopher Yeoh <cbky...@gmail.com> >> >> >> >> On Tue, Oct 15, 2013 at 10:25 AM, Caitlin Bestler >> >> <caitlin.best...@nexenta.com> wrote: >> >>> >> >>> On 10/14/2013 8:37 AM, Ben Nemec wrote: >> >>>> >> >>>> I agree that this needs to be fixed. It's very counterintuitive, if >> >>>> nothing else (which is also my argument against requiring all-tenants >> >>>> for admin users in the first place). The only question for me is >> >>>> whether to fix it in novaclient or in Nova itself. >> >>> >> >>> >> >>> If it is fixed in novaclient, then any unscrupulous tenant would be >> >>> able >> >>> to unfix it in novaclient themselves and gain the same information >> >>> about >> >>> other tenants that the bug is allowing. >> >>> >> >>> So if the intent is to protect leakage of information across tenant >> >>> lines >> >>> then the correct solution is a real lock (i.e. in Nova) rather >> >>> than just a screen door "lock". >> >>> >> >> >> >> The novaclient fix for V2 would be simply to automatically pass >> >> all-tenants where needed. It would not give a non admin user any extra >> >> privileges even if they modified novaclient. >> >> >> >> Chris >> >> >> >> _______________________________________________ >> >> OpenStack-dev mailing list >> >> OpenStack-dev@lists.openstack.org >> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> >> > >> > >> > >> > -- >> > -------------------------------------------- >> > Lingxian Kong >> > Huawei Technologies Co.,LTD. >> > IT Product Line CloudOS PDU >> > China, Xi'an >> > Mobile: +86-18602962792 >> > Email: konglingx...@huawei.com; anlin.k...@gmail.com >> > >> > _______________________________________________ >> > OpenStack-dev mailing list >> > OpenStack-dev@lists.openstack.org >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > >> >> >> >> -- >> Robert Collins <rbtcoll...@hp.com> >> Distinguished Technologist >> HP Converged Cloud >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Robert Collins <rbtcoll...@hp.com> Distinguished Technologist HP Converged Cloud _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
