Behaviour of all_tenants with Keystone V3 Domains?

asked 2013-07-20 22:46:09 -0500

justin-fathomdb

How is server listing with all_tenants supposed to work with Keystone domains? If I'm an admin of Domain1, I'm likely not an admin of Domain2. So, presumably all_tenants in a Domain1 project should list all projects under Domain1, but not those under Domain2.

But I thought nova wasn't aware of Keystone domains (?)...

How is this supposed to work?

answered 2013-07-21 19:19:42 -0500

mriedem

Can you post the question to the mailing list?

answered 2013-07-22 14:55:47 -0500

david-lyle

Keystone doesn't currently have a role for Domain admin. You are either admin (super admin) or member. I agree that this is highly problematic. The behavior of all_tenants does not honor domain boundaries, as there is no built-in role there.

