Neutron not respecting project-scoped tokens

asked 2015-05-22 13:46:04 -0600

RadekS gravatar image

updated 2015-05-22 13:46:57 -0600

My setup is very similar to http://www.florentflament.com/blog/se.... I have a domain1 with project1 and project2.

I'm getting Keystone API v3 tokens. And regardless whether I get a domain, project or domain-project scoped token, using Neutron API I can do whatever I want in whatever project I want.

E.g. I authenticate to get a project1-scoped token and I can happily create networks in project2.

Is this "normal" or am I doing some huge mistake? I'm playing with devstack 2015.2.0 now.

Thanks

edit retag flag offensive close merge delete