Comment 10 for bug 1235450

testing the patches...a suggestion would be for the nova patch to add a test to verify that a 404 gets returned if the project id for the instance does not match the tenant id specified in the header, in order to avoid potential regressions. I don't seem to find this kind of test. However I'd be fine to see this as a follow up patch once the security vulnerability is addressed. What do you think?