[openstack-dev] [keystone][nova][cinder][horizon][all] properties / metadata for resources
Matt Riedemann
mriedem at linux.vnet.ibm.com
Wed Nov 9 01:34:55 UTC 2016
On 11/8/2016 7:14 PM, Adrian Turjak wrote:
>
>
> On 09/11/16 11:12, Gage Hugo wrote:
>> This spec was discussed at the keystone meeting today and during the
>> conversation that continued afterwards, an idea of using the keystone
>> configuration to set a list of keys was mentioned.
>>
>> The idea is that a cloud admin could define a list of keys that they
>> need for their setup within keystone's configuration file, then only
>> those keys will be valid for storing values in the project properties
>> table. Then each call would check against the list of valid keys and
>> deny any calls that are sent with an invalid key.
>>
>> This idea seems to help with the issue to avoid allowing anyone to
>> throw any arbitrary values into these project properties vs just a set
>> number of values.
>
> That feels far more restricting than it needs to be...
>
> If done like this, the list should be optional, as having to restarting
> Keystone to register the new config if you decide you need to add
> additional values is a terrible approach.
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
Agree, whitelisting this in config sounds like a really bad idea.
--
Thanks,
Matt Riedemann
More information about the OpenStack-dev
mailing list