[openstack-dev] [Neutron] Do you think tenant_id should be verified

Lingxian Kong anlin.kong at gmail.com
Wed Feb 26 15:20:59 UTC 2014


2014-02-25 19:48 GMT+08:00 Salvatore Orlando <sorlando at nicira.com>:

> I understand that the fact that resources with invalid tenant_ids can be
> created (only with admin rights, at least for Neutron) can be annoying.
>
> However, I support Jay's point on cross-project interactions. If tenant_id
> validation (and orphaned resource management) can't be efficiently handled,
> then I'd rather let 3rd party scripts deal with orphaned and invalid
> resources.
>
> I reckon that it might be worth experimenting whether the notifications
> sent by Keystone (see Dolph's post on this thread) can be used to deal with
> orphaned resources.
> For tenant_id validation, anything involving an extra round trip to
> keystone would not be efficient in my opinion. If there is a way to perform
> this validation in the same call which validates the tenant auth_token then
> it's a different story.
> Notifications from keystone *could* be used to build a local (persistent
> perhaps) cache of active tenant identifiers. However, this would require
> reliable notifications, as well as appropriate cache management, which is
> often less simple than what it looks like.
>
> Salvatore
>

Thanks for your explanation and suggestion, Salvatore. I still think it's
a problem that we should handle in OpenStack or outside (through what you
said, say 3rd party scripts). Maybe we could add some content to the wiki or
docs? Any ideas?


-- 
*---------------------------------------*
*Lingxian Kong*
Huawei Technologies Co.,LTD.
IT Product Line CloudOS PDU
China, Xi'an
Mobile: +86-18602962792
Email: konglingxian at huawei.com; anlin.kong at gmail.com
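
The notification-fed cache of active tenant identifiers that Salvatore describes in the quoted text, as an added example that is not code from this thread, Neutron or Keystone. It assumes Keystone's `identity.project.created` / `identity.project.deleted` event types with the tenant ID in the payload's `resource_info` field; the class, its methods, the staleness timeout and all IDs are constructed for illustration.

```python
import time

class TenantCache:
    """Local view of active tenant IDs, fed by Keystone notifications."""
    def __init__(self, max_age=300, clock=time.monotonic):
        self._active, self._synced_at = set(), None
        self._max_age, self._clock = max_age, clock

    def resync(self, tenant_ids):
        # Full reload from an authoritative listing; repairs missed notifications.
        self._active = set(tenant_ids)
        self._synced_at = self._clock()

    def handle(self, event_type, payload):
        # Assumed format: tenant ID carried in payload["resource_info"].
        tenant_id = payload.get("resource_info")
        if not tenant_id:
            return
        if event_type == "identity.project.created":
            self._active.add(tenant_id)
        elif event_type == "identity.project.deleted":
            self._active.discard(tenant_id)

    def validate(self, tenant_id):
        # "stale" means the cache cannot be trusted; the caller must ask Keystone.
        if self._synced_at is None or self._clock() - self._synced_at > self._max_age:
            return "stale"
        return "active" if tenant_id in self._active else "unknown"

    def orphans(self, resources):
        # resources: iterable of (resource_id, tenant_id) pairs.
        return [rid for rid, tid in resources if tid not in self._active]

def demo():
    now = [0.0]  # constructed fake clock so the run is deterministic
    cache = TenantCache(max_age=300, clock=lambda: now[0])
    cache.resync(["t-alpha", "t-beta"])  # constructed tenant IDs
    cache.handle("identity.project.created", {"resource_info": "t-gamma"})
    cache.handle("identity.project.deleted", {"resource_info": "t-beta"})
    ports = [("port-1", "t-alpha"), ("port-2", "t-beta"), ("port-3", "t-typo")]
    result = {"new": cache.validate("t-gamma"), "bad": cache.validate("t-typo"),
              "orphans": cache.orphans(ports)}
    now[0] = 301.0  # no resync within max_age: stop trusting the cache
    result["late"] = cache.validate("t-alpha")
    return result

if __name__ == "__main__":
    print(demo())
```

The "stale" result is where the reliability concern shows up: without a periodic `resync`, a dropped delete notification would leave a removed tenant looking active indefinitely.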