[openstack-dev] [Sahara] Questions about how Sahara use trust ?
Andrew Lazarev
alazarev at mirantis.com
Fri Jul 10 15:39:15 UTC 2015
Hi Chen,
As I remember, proxy users were added for security reasons. When one user
creates cluster in Sahara he should not get access to data of other users.
Thanks,
Andrew.
On Thu, Jul 9, 2015 at 11:12 PM, Li, Chen <chen.li at intel.com> wrote:
> Hi Sahara guys,
>
>
>
>
>
> When sahara create a transient cluster, it create a trust with sahara
> admin user.
>
>
> https://github.com/openstack/sahara/blob/master/sahara/service/ops.py#L239-L240
>
>
> https://github.com/openstack/sahara/blob/master/sahara/service/trusts.py#L79
>
>
>
> When sahara deal with swift, it create a trust too, but :
>
> sahara admin user => create a proxy domain => set in sahara.conf
>
> ð sahara create proxy user in the domain.
>
> ð create a trust with the proxy user.
>
> https://github.com/openstack/sahara/blob/master/sahara/utils/proxy.py#L110
>
> https://github.com/openstack/sahara/blob/master/sahara/utils/proxy.py#L265
>
>
>
>
>
> My questions are :
>
> Why not user proxy user for transient cluster ?
>
> Or, why a proxy user is needed for swift but not use sahara admin user
> directly ?
>
>
>
> Looking forward to your reply.
>
>
>
>
>
> Thanks.
>
> -chen
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150710/b89d0dab/attachment.html>
More information about the OpenStack-dev
mailing list