this patch adds several things to attempt (on best effort basis)
to use incoming user token in the quota set request to ask Keystone
if the project id the quota being set on is actualy valid:
- added new [keystone] config section to hold session- and
adapter-realated options for accessing Keystone enndpoint
- added a token- and service catalog-based user auth plugin to the request
context
- use the above to construct a keystoneauth adapter for Identity service
and attempt to GET on projects/{project_id}
- only if the Keystone v3 catalog endpoint is not found, or
the request returns 404 NotFound, we raise an error and return it
as 400 BadRequest to client when attempting to change quotas for
project.
This behavior is enabled by setting a new
[service:api]quotas-verify-project-id config option to True (default is
False for backward compatibility).
Reviewed: https:/ /review. openstack. org/576219 /git.openstack. org/cgit/ openstack/ designate/ commit/ ?id=56651f1fdd5 8f5692103a5039c 6ba54016c7a0b0
Committed: https:/
Submitter: Zuul
Branch: master
commit 56651f1fdd58f56 92103a5039c6ba5 4016c7a0b0
Author: Pavlo Shchelokovskyy <email address hidden>
Date: Tue Jul 3 21:23:19 2018 +0000
Verify project-id when setting quota
this patch adds several things to attempt (on best effort basis)
to use incoming user token in the quota set request to ask Keystone
if the project id the quota being set on is actualy valid:
- added new [keystone] config section to hold session- and realated options for accessing Keystone enndpoint {project_ id}
adapter-
- added a token- and service catalog-based user auth plugin to the request
context
- use the above to construct a keystoneauth adapter for Identity service
and attempt to GET on projects/
- only if the Keystone v3 catalog endpoint is not found, or
the request returns 404 NotFound, we raise an error and return it
as 400 BadRequest to client when attempting to change quotas for
project.
This behavior is enabled by setting a new api]quotas- verify- project- id config option to True (default is
[service:
False for backward compatibility).
Change-Id: Ib14ee5b5628509 b6a93be8b7bd10e 734ab19ffee /review. openstack. org/580142
Depends-On: https:/
Closes-Bug: #1760822