openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #11450
Re: [Metering] External API definition
On 05/09/2012 08:36 AM, Doug Hellmann wrote:
>
>
> On Tue, May 8, 2012 at 8:43 PM, Nick Barcet <nick.barcet@xxxxxxxxxxxxx
> <mailto:nick.barcet@xxxxxxxxxxxxx>> wrote:
>
> On 05/08/2012 11:39 AM, Doug Hellmann wrote:
> [..]
> > * Requests must be authenticated (separate from keystone, or
> only linked
> > to accounting type account)
> >
> >
> > What is the motivation for authenticating with a service other than
> > keystone?
>
> The only thing I am trying to express here is that that profiles that
> have access to other OpenStack components should not necessarily have
> access to metering information. This information should be accessible
> only a few select users which group may or may not intersect with users
> stored in Keystone already.
>
>
> I see. Is it enough to say that the API is meant for "admin" users only,
> or does that still imply more access than we want to grant?
I don't see the point to try to restrict admins from this, as it would
be mostly pointless in the end, but I do see the need to define a type
of account which only right is to consult this information without any
other privilege.
Nick
Attachment:
signature.asc
Description: OpenPGP digital signature
References