Validate project with Keystone
Today there is no functionality to validate the tenant that is consumed by nova. One reason for the lack of such functionality is performance, where validating to external services can cause poor performance. However, such functionality is needed in cases where the user passes in the project ID or name (e.g. quota management), so that the correct quota is set.
Blueprint information
- Status:
- Complete
- Approver:
- Matt Riedemann
- Priority:
- Low
- Drafter:
- Thang Pham
- Direction:
- Approved
- Assignee:
- Sean Dague
- Definition:
- Approved
- Series goal:
- Accepted for pike
- Implementation:
- Implemented
- Milestone target:
- pike-2
- Started by
- Matt Riedemann
- Completed by
- Matt Riedemann
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Validate tenant and user with Keystone
Spec not approved yet, un-targeting blueprint from juno-1 --johnthetubaguy (28th May 2014)
You should not set a milestone target unless the blueprint has been properly prioritized by the project drivers.
Gerrit topic: https:/
Addressed by: https:/
Validate project with Keystone
Sorry, we have now hit the non-priority feature freeze for kilo. Please resubmit your spec for the L release. --johnthetubaguy 5th Feb 2015
auggy March 9, 2016: Updates from mriedem via irc:
basically, our quota-update API allows you to pass garbage for a tenant. if the quotas don't exist for the tenant, it creates new defaults for it even if the tenant doesn't actually exist in keystone so it's just a change to add a validation of the tenant in keystone
auggy March 15, 2016: I spoke with the original author and was informed I could take over this spec.
Addressed by: https:/
Today there is no functionality to validate the tenant that is consumed by nova. One reason for the lack of such functionality is performance, where validating to external services can cause poor performance. However, such functionality is needed in cases
There is no code up for this yet and we're at non-priority feature freeze so this is going to be deferred for
the Newton release. You can re-propose a spec for Ocata if you plan to pursue this.
-- mriedem 20160629
Addressed by: https:/
Add Keystone project validation to quota and flavor management
Addressed by: https:/
Rename valid-project-
We're two weeks from the Ocata feature freeze and there is no code up for this yet so I'm going to defer it to Pike. The spec will need to be re-proposed for Pike if someone plans on working on it. -- mriedem 20170112
Re-approved for Pike. Sean Dague is taking this over. -- mriedem 20170214
Gerrit topic: https:/
Addressed by: https:/
WIP: verify project_id when quotas are checked
Addressed by: https:/
Verify project id for flavor access calls
Addressed by: https:/
Verify project_id when quotas are checked