<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Do you mean project names or project IDs?<div class=""><br class=""></div><div class="">Sam</div><div class=""><br class=""></div><div class=""><br class=""><div style=""><blockquote type="cite" class=""><div class="">On 3 Jul 2015, at 12:12 am, Henrique Truta &lt;<a href="mailto:henriquecostatruta@gmail.com" class="">henriquecostatruta@gmail.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class="">Hi everyone,</span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class="">In Kilo, keystone introduced the concept of Hierarchical Multitenancy[1], which allows cloud operators to organize projects in hierarchies. This concept is evolving in Liberty, with the addition of the Reseller use case[2], where among other features, it’ll have hierarchies of domains by making the domain concept a feature of projects and not a different entity: from now on, every domain will be treated as a project that has the “is_domain” property set to True. 
</span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class="">Currently, getting a project scoped token can be made by only passing the project name and the domain it belongs to, once project names are unique between domains. However with those hierarchies of projects, in M we intend to remove this constraint in order to make a project name unique only in its level in the hierarchy (project parent). In other words, it won’t be possible to have sibling projects with the same name. For example, the following hierarchy will be valid:</span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class=""> A - project with the domain feature</span></div><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class=""> / \</span></div><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class=""> B C - “pure” projects, children of A</span></div><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: 
justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class=""> | |</span></div><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class=""> A B - “pure” projects, children of B and C respectively</span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class="">Therefore, the cloud user faces some problems when getting a project scoped token by name to projects A or B, since keystone won’t be able to distinguish them only by their names. The best way to solve this problem is providing the full hierarchy, like “A/B/A”, “A/B”, “A/C/B” and so on. 
</span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class="">To achieve this, we intend to </span><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: underline; vertical-align: baseline;" class="">deprecate</span><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class=""> the “/” character in project names in Liberty and prohibit it in M, removing/replacing this character in a database migration**. </span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class="">Do you have some strong reason to keep using this character in project names? How bad would it be for existing deploys? We’d like to hear from you. 
</span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class="">Best regards,</span></div><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class="">Henrique</span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class="">** LDAP as assignment backend does not support Hierarchical Multitenancy. 
This change will be only applied to SQL backends.</span></div><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class="">[1] </span><a href="http://specs.openstack.org/openstack/keystone-specs/specs/juno/hierarchical_multitenancy.html" style="text-decoration:none" class=""><span style="font-size:14.666666666666666px;font-family:Arial;color:#1155cc;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline" class="">http://specs.openstack.org/openstack/keystone-specs/specs/juno/hierarchical_multitenancy.html</span></a></div><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt; text-align: justify;" class=""><span style="font-size: 14.666666666666666px; font-family: Arial; background-color: transparent; font-weight: normal; font-style: normal; font-variant: normal; text-decoration: none; vertical-align: baseline;" class="">[2] </span><a href="http://specs.openstack.org/openstack/keystone-specs/specs/kilo/reseller.html" style="text-decoration:none" class=""><span style="font-size:14.666666666666666px;font-family:Arial;color:#1155cc;background-color:transparent;font-weight:normal;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline" class="">http://specs.openstack.org/openstack/keystone-specs/specs/kilo/reseller.html</span></a></div><br class=""></div>
_______________________________________________<br class="">OpenStack-operators mailing list<br class=""><a href="mailto:OpenStack-operators@lists.openstack.org" class="">OpenStack-operators@lists.openstack.org</a><br class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators<br class=""></div></blockquote></div><br class=""></div></body></html>