Comment 7 for bug 1118066

>"And as an admin (trusted user), we expect them to not break things."
>
>Sorry, I am going to have to disagree with you on this. The interface gives no indication that the request failed to produce the >desired effect. Add to that several facts: many quota-exceeded errors are masked by other quota exceeded error names and end >users will report quota exceeded errors as "my instance failed to start". These all add up to a bad user experience."

Yup, the UX is horrible for this one. can you expand on the error masking point?

>"This is part of a bigger issue, which is nova doesn't have great RBAC support. Say you want to create a tenant admin who can set >quotas per user."
>
>I don't see how role-based access control is necessary when a simple check "does this string correspond to a real project UUID (or >name if you want to support that)" would suffice.

So nova doesn't keep track of project UUIDs, so this would have to be implemented as a call out to keystone. So I am not very familiar with the keystone API but I think you would need to call v2.0/tenants{/tenantId} (http://docs.openstack.org/api/openstack-identity-service/2.0/content/Tenant_Operations.html) to make sure the tenant is valid or not.

>
>Marking as open for these reasons.

Perhaps opinion was the wrong status, while I agree that there is something to fix here, I am not sure how you want to change things. For this to be confirmed I would like a more explicit explanation of what the issue is and what the desired outcome should be. Do you just want to make sure the tenant is valid? If so I can get behind that, but the bug description needs some updating.