Comment 3 for bug 1804042

I agree with Adrian, I won't advocate for any implementation but just for the feature itself.

There is a huge requirement for being able to restrict administrative- and service accounts which is our primary use-case, since authentication right now is very a very vulnerable part in a security aspect of an OpenStack based cloud right now.

It can also be seen as a feature where customers of your cloud could IP restirct there project/user which is a great win if they just want to have access to the account from their office for example.

I would hope that it's implemented in a way that makes project admins/user to be able to restrict their own accounts, but even if that not the case we could make our business logic provision that for them, and I guess users of for example Adjutant could do the same.