openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #15421
Re: EC2 api and tenants
Which version of the code are you using? This could potentially be a bug.
Can you give some more information on what goes wrong with creating an instance?
Do you get a traceback anywhere?
Vish
On Aug 2, 2012, at 1:23 PM, Mitchell Broome <mitchell.broome@xxxxxxxxx> wrote:
> I'm using essex 2012.1 and I'm running into an issue with tenant
> separation using the ec2 api. I end up having to give a user the
> 'admin' role in keytone to create instances within a tenant. I can
> live with that but the problem is, now that the user has 'admin', they
> also see all of the instances including ones from other tenants via a
> describe_instances().
>
> If I only give them the 'Member' role, they can only see the instances
> within thier default tenant but they can't create instances. Also, if
> they only have 'Member', I'm able to create instances via horizon
> manually.
>
> I'm assuming I'm missing some combination of roles I need to setup to
> allow a users to create instances in thier default tenant but not see
> other instances in other tenants.
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
References