[openstack-dev] [openstack][magnum][heat]problems for synchronizing stack parameters from heat

Steven Hardy shardy at redhat.com
Fri Aug 14 12:36:35 UTC 2015


On Fri, Aug 14, 2015 at 05:34:59PM +0800, 王华 wrote:
>    Hi Clint Byrum,
>    Trusts can solve this problem, but it may cause performance problem.
>    When we want to get a stack, we need to get the trust_id from db first,
>    andA 
>    authenticate with the trust_id, then we can get the stack. A 

I'm not sure you actually need trusts, you just need a token scoped to the
appropriate project, so if your admin user has sufficient roles in all the
projects, you can iterate over the projects and get a token per-project,
such that the scope of the project_id matches the tenant/project in the
request to heat.

I appreciate this isn't much more efficient than the impersonation
approach, but it does reduce the complexity a bit.

Steve



More information about the OpenStack-dev mailing list