[openstack-dev] [Neutron] - what integration with Keystone is allowed?
Kevin Benton
blak111 at gmail.com
Sun Sep 21 19:58:01 UTC 2014
So based on those guidelines there would be a problem with the IBM patch
because it's storing the tenant name in a backend controller, right?
On Sep 21, 2014 12:18 PM, "Dolph Mathews" <dolph.mathews at gmail.com> wrote:
> Querying keystone for tenant names is certainly fair game.
>
> Keystone should be considered the only source of truth for tenant names
> though, as they are mutable and not globally unique on their own, so other
> services should not stash any names from keystone into long term
> persistence (users, projects, domains, groups, etc-- roles might be an odd
> outlier worth a separate conversation if anyone is interested).
>
> Store IDs where necessary, and use IDs on the wire where possible though,
> as they are immutable.
>
> On Sat, Sep 20, 2014 at 7:46 PM, Kevin Benton <blak111 at gmail.com> wrote:
>
>> Hello all,
>>
>> A patch has come up to query keystone for tenant names in the IBM
>> plugin.[1] As I understand it, this was one of the reasons another
>> mechanism driver was reverted.[2] Can we get some clarity on the level
>> of integration with Keystone that is permitted?
>>
>> Thanks
>>
>> 1. https://review.openstack.org/#/c/122382
>> 2. https://review.openstack.org/#/c/118456
>>
>> --
>> Kevin Benton
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140921/f09d4de2/attachment.html>
More information about the OpenStack-dev
mailing list