I'm using essex 2012.1 and I'm running into an issue with tenant separation using the ec2 api. I end up having to give a user the 'admin' role in keystone to create instances within a tenant. I can live with that but the problem is, now that the user has 'admin', they also see all of the instances including ones from other tenants via a describe_instances().
If I only give them the 'Member' role, they can only see the instances within their default tenant but they can't create instances. Also, if they only have 'Member', I'm able to create instances via horizon manually. I'm assuming I'm missing some combination of roles I need to set up to allow a user to create instances in their default tenant but not see other instances in other tenants.

