Open Stack

On Sep 22, 2014, at 1:20 PM, Monty Taylor <mordred at inaugust.com> wrote:

> On 09/21/2014 10:57 PM, Nader Lahouti wrote:
>> Thanks Kevin for bring it up in the ML, I was looking for a guideline or
>> any document to clarify issues on this subject.
>> 
>> I was told, even using keystone API in neutron is not permitted.
> 
> I recognize that I'm potentially without context for neutron internals -
> but could someone please shed some light on why using keystone API from
> neutron would ever be forbidden? That sounds a bit craycray to me and
> I'd like to understand more.

In the past, the proposed usage of the Keystone API for things other than auth have been craycray :) As a response, we’ve established an extremely high bar for those wishing to entangle the two. The proposals tradionatlly have Neutron acting as proxy for Keystone vs having the backend controller request the information directly creates more problems than it solves. I’m not opposed to altering our stance, but I’ve yet to see a proposal for a Keystone proxy that handles synchronization correctly outside the happy path test in a dev environment.

Ideally, I think something that provides proper sync support should exist in Keystone or a Keystone related project vs multiple implementations in Neutron, Cinder or any other multi-tenant service that wants to provide more human friendly names for a vendor backend.

mark

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140922/145a7d39/attachment.html>