[openstack-dev] [nova] [glance] [cinder] [neutron] [keystone] - RFC cross project request id tracking
doug at doughellmann.com
Tue May 16 15:10:35 UTC 2017
Excerpts from Chris Dent's message of 2017-05-16 15:28:11 +0100:
> On Sun, 14 May 2017, Sean Dague wrote:
> > So, the basic idea is, services will optionally take an inbound
> > X-OpenStack-Request-ID which will be strongly validated to the format
> > (req-$uuid). They will continue to always generate one as well. When the
> > context is built (which is typically about 3 more steps down the paste
> > pipeline), we'll check that the service user was involved, and if not, reset
> > the request_id to the local generated one. We'll log both the global and
> > local request ids. All of these changes happen in oslo.middleware,
> > oslo.context, oslo.log, and most projects won't need anything to get this
> > infrastructure.
> I may not be understanding this paragraph, but this sounds like you
> are saying: accept a valid and authentic incoming request id, but
> only use it in ongoing requests if the service user was involved in
> those requests.
> If that's correct, I'd suggest not doing that because it confuses
> traceability of a series of things. Instead, always use the request
> id if it is valid and authentic.
> But maybe you mean "if the request id could not be proven authentic,
> don't use it"?
The idea is that a regular user calling into a service should not
be able to set the request id, but outgoing calls from that service
to other services as part of the same request would.
More information about the OpenStack-dev