[openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?

Miller, Mark M (EB SW Cloud - R&D - Corvallis) mark.m.miller at hp.com
Tue Apr 29 15:56:23 UTC 2014


In Keystone, users are assigned to a domain when they are created. This is a unique combination. 

-----Original Message-----
From: Robert Collins [mailto:robertc at robertcollins.net] 
Sent: Monday, April 28, 2014 11:25 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?

On 29 April 2014 12:27, Dolph Mathews <dolph.mathews at gmail.com> wrote:
>


> Sure: domain names are unambiguous but user mutable, whereas Heat's 
> approach to using admin tenant "name" is at risk to both mutability 
> and ambiguity (in a multi-domain deployment).

Isn't domainname/user unambiguous and unique? mutability is really not keystones choice.

If keystone won't accept domainname/user then that will force us to either do two stack-updates for a single deploy (ugly) or write patches to heat (and neutron where the callback-to-nova support has the same issue) to manually try a lookup and work around this.

Since its trivial to write such a thunk, what benefit is there to your users - e.g. TripleO/heat/nova not have it in keystone itself?

-Rob

--
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Converged Cloud

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



More information about the OpenStack-dev mailing list