Comment 20 for bug 1576804

Nicolas Vila (nvlan) wrote :

As a further comment, we'll be receiving samples from different customers. We wish to be able to group all resources from every project from a specific customer within a domain, and not let that customer view/edit resources belonging to a different customer (each customer will be issued a domain-scoped project).
This scenario is the reason behind looking for domain RBAC on gnocchi. When I edited the "created_by_project_id" value with a domain_id, and hardcoded the domain-id in https://github.com/openstack/gnocchi/blob/master/gnocchi/rest/__init__.py#L123, the resource list showed only that resource. It would be perfect if we could limit all potentially destructive actions (update/delete a resource/metric) to the user's domain only (since in ceilometer.conf in [service_credentials] we configure that customer's domain credentials only).

Please let me know if I didn't make myself clear.

Thanks a lot, regards.