[openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?

Robert Collins robertc at robertcollins.net
Tue Apr 29 06:25:02 UTC 2014


On 29 April 2014 12:27, Dolph Mathews <dolph.mathews at gmail.com> wrote:
>


> Sure: domain names are unambiguous but user mutable, whereas Heat's approach
> to using admin tenant "name" is at risk to both mutability and ambiguity (in
> a multi-domain deployment).

Isn't domainname/user unambiguous and unique? mutability is really not
keystones choice.

If keystone won't accept domainname/user then that will force us to
either do two stack-updates for a single deploy (ugly) or write
patches to heat (and neutron where the callback-to-nova support has
the same issue) to manually try a lookup and work around this.

Since its trivial to write such a thunk, what benefit is there to your
users - e.g. TripleO/heat/nova not have it in keystone itself?

-Rob

-- 
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Converged Cloud



More information about the OpenStack-dev mailing list