Designate

  1. Bug #1760822
  2. Comment #15

Comment 15 for bug 1760822

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to designate (master)

Reviewed: https://review.openstack.org/576219
Committed: https://git.openstack.org/cgit/openstack/designate/commit/?id=56651f1fdd58f5692103a5039c6ba54016c7a0b0
Submitter: Zuul
Branch: master

commit 56651f1fdd58f5692103a5039c6ba54016c7a0b0
Author: Pavlo Shchelokovskyy <email address hidden>
Date: Tue Jul 3 21:23:19 2018 +0000

    Verify project-id when setting quota

    this patch adds several things to attempt (on best effort basis)
    to use incoming user token in the quota set request to ask Keystone
    if the project id the quota being set on is actualy valid:

    - added new [keystone] config section to hold session- and
      adapter-realated options for accessing Keystone enndpoint
    - added a token- and service catalog-based user auth plugin to the request
      context
    - use the above to construct a keystoneauth adapter for Identity service
      and attempt to GET on projects/{project_id}

      - only if the Keystone v3 catalog endpoint is not found, or
        the request returns 404 NotFound, we raise an error and return it
        as 400 BadRequest to client when attempting to change quotas for
        project.

    This behavior is enabled by setting a new
    [service:api]quotas-verify-project-id config option to True (default is
    False for backward compatibility).

    Change-Id: Ib14ee5b5628509b6a93be8b7bd10e734ab19ffee
    Depends-On: https://review.openstack.org/580142
    Closes-Bug: #1760822