two questions here: 1. whther '--all-tenants' should be with '--tenant' or not. 2. can admin see other tenant's server using its name instead of id?
2013/10/16 Robert Collins <robe...@robertcollins.net> > I think that would be fine: --tenant FOO implying 'show me results > from FOO if I have access to that' makes total sense to me. > > On 16 October 2013 17:52, Christopher Yeoh <cbky...@gmail.com> wrote: > > > > --all-tenants would only be turned on if --tenant was specified, not a > > general default. Do you see that causing any problems for non trivial > > clouds? > > > > Chris > > > > > > On Tue, Oct 15, 2013 at 7:26 PM, Robert Collins < > robe...@robertcollins.net> > > wrote: > >> > >> Please don't invert the bug though: if --all-tenants becomes the > >> default nova server behaviour in v3, please ensure there is a > >> --no-all-tenants to unbreak it for non-trivial clouds. > >> > >> Thanks! > >> -Rob > >> > >> On 15 October 2013 20:54, Lingxian Kong <anlin.k...@gmail.com> wrote: > >> > then, what's the conclusion that we can begin to start? > >> > > >> > > >> > 2013/10/15 Christopher Yeoh <cbky...@gmail.com> > >> >> > >> >> On Tue, Oct 15, 2013 at 10:25 AM, Caitlin Bestler > >> >> <caitlin.best...@nexenta.com> wrote: > >> >>> > >> >>> On 10/14/2013 8:37 AM, Ben Nemec wrote: > >> >>>> > >> >>>> I agree that this needs to be fixed. It's very counterintuitive, > if > >> >>>> nothing else (which is also my argument against requiring > all-tenants > >> >>>> for admin users in the first place). The only question for me is > >> >>>> whether to fix it in novaclient or in Nova itself. > >> >>> > >> >>> > >> >>> If it is fixed in novaclient, then any unscrupulous tenant would be > >> >>> able > >> >>> to unfix it in novaclient themselves and gain the same information > >> >>> about > >> >>> other tenants that the bug is allowing. > >> >>> > >> >>> So if the intent is to protect leakage of information across tenant > >> >>> lines > >> >>> then the correct solution is a real lock (i.e. in Nova) rather > >> >>> than just a screen door "lock". > >> >>> > >> >> > >> >> The novaclient fix for V2 would be simply to automatically pass > >> >> all-tenants where needed. It would not give a non admin user any > extra > >> >> privileges even if they modified novaclient. > >> >> > >> >> Chris > >> >> > >> >> _______________________________________________ > >> >> OpenStack-dev mailing list > >> >> OpenStack-dev@lists.openstack.org > >> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >> >> > >> > > >> > > >> > > >> > -- > >> > -------------------------------------------- > >> > Lingxian Kong > >> > Huawei Technologies Co.,LTD. > >> > IT Product Line CloudOS PDU > >> > China, Xi'an > >> > Mobile: +86-18602962792 > >> > Email: konglingx...@huawei.com; anlin.k...@gmail.com > >> > > >> > _______________________________________________ > >> > OpenStack-dev mailing list > >> > OpenStack-dev@lists.openstack.org > >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >> > > >> > >> > >> > >> -- > >> Robert Collins <rbtcoll...@hp.com> > >> Distinguished Technologist > >> HP Converged Cloud > >> > >> _______________________________________________ > >> OpenStack-dev mailing list > >> OpenStack-dev@lists.openstack.org > >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > > > > _______________________________________________ > > OpenStack-dev mailing list > > OpenStack-dev@lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > > -- > Robert Collins <rbtcoll...@hp.com> > Distinguished Technologist > HP Converged Cloud > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- *---------------------------------------* *Lingxian Kong* Huawei Technologies Co.,LTD. IT Product Line CloudOS PDU China, Xi'an Mobile: +86-18602962792 Email: konglingx...@huawei.com; anlin.k...@gmail.com
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
