<div dir="ltr"><div><div><div><div>+1<br><br></div>I will alter the proposed spec to indicate that this shouldn't be consumed/used with backends specific<br></div>data (similar to the way Nova tags indicate it)<br><br></div>I see value (and described some use cases in the spec) for using this from the API level<br><br></div>Gal.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 24, 2015 at 4:35 PM, Russell Bryant <span dir="ltr"><<a href="mailto:rbryant@redhat.com" target="_blank">rbryant@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 08/24/2015 09:25 AM, Kevin Benton wrote:<br>
> Hi everybody!<br>
><br>
> In Neutron the idea of adding tags to resources has come up several<br>
> times this cycle alone.[1][2][3]<br>
><br>
> The general concern that has led to them being rejected is that backends<br>
> will leverage these tags to leak implementation details or<br>
> backend-specific features (e.g. tags that control QoS features, security<br>
> isolation, or other network behaviors).<br>
><br>
> However, there are many use cases that make these nice for the users of<br>
> the API to help organize resources (e.g. external DNS names on floating<br>
> IPs, PCI compliance status of security groups, an emoticon describing<br>
> the seriousness of the things on that network, etc).<br>
><br>
> I'm beginning to think that it might be worth it for the usefulness it<br>
> brings to the end users. But with all of the third-party plugins<br>
> out-of-tree, we essentially have no way to stop them from using the tags<br>
> to control the networking backend as well.<br>
><br>
> So I'm looking for feedback from the API working group as well as other<br>
> projects that have gone down this path. Should we just take the pythonic<br>
> "we're all adults" approach and try to encourage backends not to use<br>
> them for network behavior? Or does this carry too much risk of being<br>
> abused as a shortcut to avoid developing proper API enhancements by<br>
> backend devs?<br>
><br>
> 1. <a href="https://bugs.launchpad.net/neutron/+bug/1460222" rel="noreferrer" target="_blank">https://bugs.launchpad.net/neutron/+bug/1460222</a><br>
> 2. <a href="https://bugs.launchpad.net/neutron/+bug/1483480" rel="noreferrer" target="_blank">https://bugs.launchpad.net/neutron/+bug/1483480</a><br>
> 3. <a href="https://review.openstack.org/#/c/216021/" rel="noreferrer" target="_blank">https://review.openstack.org/#/c/216021/</a><br>
<br>
</div></div>If this is clearly documented as being a API consumer thing only, then<br>
I'm OK with it. Obviously it'll still be possible to be used by a<br>
backend, but it's also possible to patch the code or provide arbitrary<br>
API extensions, too.<br>
<br>
The plugins may be out of tree, but the ones officially a part of<br>
Neutron still are under oversight of the Neutron PTL/team. Using this<br>
in a way it's explicitly documented as not to be used would be an<br>
example of a case where they should be asked to change.<br>
<br>
We can't control what backends not a part of Neutron do, but that's not new.<br>
<br>
One example of another project doing something similar is this:<br>
<br>
<a href="http://specs.openstack.org/openstack/nova-specs/specs/kilo/approved/tag-instances.html" rel="noreferrer" target="_blank">http://specs.openstack.org/openstack/nova-specs/specs/kilo/approved/tag-instances.html</a><br>
<br>
Note this important line:<br>
<br>
"The tag is an opaque string and is not intended to be interpreted or<br>
even read by the virt drivers."<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Russell Bryant<br>
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</font></span></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">Best Regards ,<br><br>The G. </div>
</div>