[openstack-dev] [neutron][api] - attaching arbitrary key/value pairs to resources

Kevin Benton blak111 at gmail.com
Mon Aug 24 13:25:45 UTC 2015


Hi everybody!

In Neutron the idea of adding tags to resources has come up several times
this cycle alone.[1][2][3]

The general concern that has led to them being rejected is that backends
will leverage these tags to leak implementation details or backend-specific
features (e.g. tags that control QoS features, security isolation, or other
network behaviors).

However, there are many use cases that make these nice for the users of the
API to help organize resources (e.g. external DNS names on floating IPs,
PCI compliance status of security groups, an emoticon describing the
seriousness of the things on that network, etc).

I'm beginning to think that it might be worth it for the usefulness it
brings to the end users. But with all of the third-party plugins
out-of-tree, we essentially have no way to stop them from using the tags to
control the networking backend as well.

So I'm looking for feedback from the API working group as well as other
projects that have gone down this path. Should we just take the pythonic
"we're all adults" approach and try to encourage backends not to use them
for network behavior? Or does this carry too much risk of being abused as a
shortcut to avoid developing proper API enhancements by backend devs?

1. https://bugs.launchpad.net/neutron/+bug/1460222
2. https://bugs.launchpad.net/neutron/+bug/1483480
3. https://review.openstack.org/#/c/216021/


Cheers
-- 
Kevin Benton
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150824/410bdabd/attachment.html>


More information about the OpenStack-dev mailing list