[openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

Clint Byrum clint at fewbar.com
Mon Jun 16 19:56:24 UTC 2014


Excerpts from Doug Wiegley's message of 2014-06-10 14:41:29 -0700:
> Of what use is a database that randomly delete rows?  That is, in effect, what you’re allowing.
> 
> The secrets are only useful when paired with a service.  And unless I’m mistaken, there’s no undo.  So you’re letting users shoot themselves in the foot, for what reason, exactly?  How do you expect openstack to rely on a data store that is fundamentally random at the whim of users?  Every single service that uses Barbican will now have to hack in a defense mechanism of some kind, because they can’t trust that the secret they rely on will still be there later.  Which defeats the purpose of this mission statement:  "Barbican is a ReST API designed for the secure storage, provisioning and management of secrets.”
> 
> (And I don’t think anyone is suggesting that blind refcounts are the answer.  At least, I hope not.)
> 
> Anyway, I hear this has already been decided, so, so be it.  Sounds like we’ll hack around it.
> 


Doug, nobody is calling Barbican "a database". It is a place to store
secrets.

The idea is to loosely couple things, and if you need more assurances,
use something like Heat to manage the relationships.



More information about the OpenStack-dev mailing list