Nova doesn't validate user/project is valid from keystone during admin operations
Bug #1544989 reported by
Sean Dague
This bug affects 7 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Low
|
Sean Dague |
Bug Description
For any API call to Nova which takes a tenant_id / user_id as a parameter, and inserts it into the Nova database, no validation is done of these values.
This is currently by design, largely because there is no clear way to check the existence of those users/projects. Nova has no generic credentials to do that to Keystone. It's unclear if there is a way to do this from a non admin user.
Many other bugs are related to this fundamental issue for which there is no infrastructure. This includes updating quotas, adding access to flavors, etc. This will be a placeholder for all those bugs until there is some way to actually address this at the root.
Changed in nova: | |
assignee: | nobody → Ravali Gudipati (ravali.gudipati) |
description: | updated |
To post a comment you must log in.
Marked Low because we really have no idea how to get the core infrastructure together to address this.