Comment 1 for bug 1091505
Revision history for this message
| Gabriel Hurley (gabriel-hurley) wrote | #1 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
I agree 100% on the problem. Unfortunately for Horizon there is no way to identify the service users or projects other than by name, which is configurable and done by convention, not enforced. That means we can't rationally warn an admin about those accounts because we can't guarantee they are or aren't the right ones. There's also no API to update the config files for the other services, that currently has to be done manually.
When the service accounts were first created I strongly argued for filtering them out of the API calls. I think they should be internal and untouchable, not ever exposed.
At the very least Keystone needs some kind of added identifier on both the users and the accounts before anything meaningful can be done with them.