Comment 6 for bug 1118066
Revision history for this message
| Scott Devoid (scott-devoid) wrote Re: Possible to get and update quotas for nonexistant tenant | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
e3ace39
(Get the code!)
"And as an admin (trusted user), we expect them to not break things."
Sorry, I am going to have to disagree with you on this. The interface gives no indication that the request failed to produce the desired effect. Add to that several facts: many quota-exceeded errors are masked by other quota exceeded error names and end users will report quota exceeded errors as "my instance failed to start". These all add up to a bad user experience.
"This is part of a bigger issue, which is nova doesn't have great RBAC support. Say you want to create a tenant admin who can set quotas per user."
I don't see how role-based access control is necessary when a simple check "does this string correspond to a real project UUID (or name if you want to support that)" would suffice.
Marking as open for these reasons.