56651f1fdd
this patch adds several things to attempt (on best effort basis)
to use incoming user token in the quota set request to ask Keystone
if the project id the quota being set on is actualy valid:
- added new [keystone] config section to hold session- and
adapter-realated options for accessing Keystone enndpoint
- added a token- and service catalog-based user auth plugin to the request
context
- use the above to construct a keystoneauth adapter for Identity service
and attempt to GET on projects/{project_id}
- only if the Keystone v3 catalog endpoint is not found, or
the request returns 404 NotFound, we raise an error and return it
as 400 BadRequest to client when attempting to change quotas for
project.
This behavior is enabled by setting a new
[service:api]quotas-verify-project-id config option to True (default is
False for backward compatibility).
Change-Id: Ib14ee5b5628509b6a93be8b7bd10e734ab19ffee
Depends-On: https://review.openstack.org/580142
Closes-Bug: #1760822
8 lines
279 B
YAML
8 lines
279 B
YAML
---
|
|
features:
|
|
- |
|
|
Designate can verify validity of the project id when setting quotas for it.
|
|
This feature is enabled by setting a new configuration option
|
|
``[service:api]quotas_verify_project_id`` to ``True`` (default is ``False``
|
|
for backward compatibility).
|