<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Domain support hasn't really been adopted across various OpenStack
projects, yet. Ocata was the first release where we had a v3-only
jenkins job set up for projects to run against (domains are a
v3-only concept in keystone and don't really exist in v2.0).<br>
<br>
I think it would be great to push on some of that work so that we
can start working the concept of domain-scope into various services.
I'd be happy to help here. John Garbutt had some good ideas on this
track, too.<br>
<br>
<a class="moz-txt-link-freetext" href="https://review.openstack.org/#/c/433037/">https://review.openstack.org/#/c/433037/</a><br>
<a class="moz-txt-link-freetext" href="https://review.openstack.org/#/c/427872/">https://review.openstack.org/#/c/427872/</a><br>
<br>
<div class="moz-cite-prefix">On 06/20/2017 08:59 AM, Valeriy
Ponomaryov wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAPnpNOWg-eJ+SX-hDxNGN2op9WYBRG4jUaiPsZg42mM1-fu2Xg@mail.gmail.com">
<div dir="ltr">Also, one more additional kind of "feature-request"
is to be able to filter each project's entities per domain as
well as we can do it with project/tenant now.
<div><br>
</div>
<div>So, as a result, we will be able to configure different
"list" APIs to return objects grouped by either domain or
project.</div>
<div><br>
</div>
<div>
<div>Thoughts?</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Jun 20, 2017 at 1:07 PM, Adam
Heczko <span dir="ltr"><<a
href="mailto:aheczko@mirantis.com" target="_blank"
moz-do-not-send="true">aheczko@mirantis.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hello Valeriy,
<div>agree, that would be very useful. I think that this
deserves attention and cross project discussion.</div>
<div>Maybe a community goal process [2] is a valid path
forward in this regard.</div>
<div><br>
</div>
<div>[2] <a
href="https://governance.openstack.org/tc/goals/"
target="_blank" moz-do-not-send="true">https://governance.<wbr>openstack.org/tc/goals/</a></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">
<div>
<div class="h5">On Tue, Jun 20, 2017 at 11:15 AM,
Valeriy Ponomaryov <span dir="ltr"><<a
href="mailto:vponomaryov@mirantis.com"
target="_blank" moz-do-not-send="true">vponomaryov@mirantis.com</a>></span>
wrote:<br>
</div>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div class="h5">
<div dir="ltr">Hello OpenStackers,
<div><br>
</div>
<div>Wanted to pay some attention to one of
restrictions in OpenStack.</div>
<div>It came out, that it is impossible to
define policy rules for API services based on
"domain_id".</div>
<div>As far as I know, only Keystone supports
it.</div>
<div><br>
</div>
<div>So, it is unclear whether it is intended or
it is just technical debt that each OpenStack
project should</div>
<div>eliminate?</div>
<div><br>
</div>
<div>For the moment, I filed bug [1].</div>
<div><br>
</div>
<div>Use case is following: usage of Keystone
API v3 all over the cloud and level of trust
is domain, not project.</div>
<div><br>
</div>
<div>And if it is technical debt how much
different teams are interested in having such
possibility?</div>
<div><br>
</div>
<div>[1] <a
href="https://bugs.launchpad.net/nova/+bug/1699060"
target="_blank" moz-do-not-send="true">https://bugs.launchpad.net<wbr>/nova/+bug/1699060</a></div>
<span class="m_-8206077180457538739HOEnZb"><font
color="#888888">
<div>
<div><br>
</div>
-- <br>
<div
class="m_-8206077180457538739m_2551281963429412645gmail_signature">
<div dir="ltr">Kind Regards<br>
Valeriy Ponomaryov<br>
<a href="http://www.mirantis.com"
target="_blank"
moz-do-not-send="true">www.mirantis.com</a><br>
<a
href="mailto:vponomaryov@mirantis.com"
target="_blank"
moz-do-not-send="true">vponomaryov@mirantis.com</a><br>
</div>
</div>
</div>
</font></span></div>
<br>
</div>
</div>
______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage
questions)<br>
Unsubscribe: <a
href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe"
rel="noreferrer" target="_blank"
moz-do-not-send="true">OpenStack-dev-request@lists.op<wbr>enstack.org?subject:unsubscrib<wbr>e</a><br>
<a
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.openstack.org/cgi<wbr>-bin/mailman/listinfo/openstac<wbr>k-dev</a><br>
<br>
</blockquote>
</div>
<span class="HOEnZb"><font color="#888888"><br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="m_-8206077180457538739gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div
style="color:rgb(136,136,136);font-size:12.8000001907349px">Adam
Heczko</div>
<div
style="color:rgb(136,136,136);font-size:12.8000001907349px">Security
Engineer @ Mirantis Inc.</div>
</div>
</div>
</font></span></div>
<br>
______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a
href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe"
rel="noreferrer" target="_blank" moz-do-not-send="true">OpenStack-dev-request@lists.<wbr>openstack.org?subject:<wbr>unsubscribe</a><br>
<a
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.openstack.org/<wbr>cgi-bin/mailman/listinfo/<wbr>openstack-dev</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">Kind Regards<br>
Valeriy Ponomaryov<br>
<a href="http://www.mirantis.com" target="_blank"
moz-do-not-send="true">www.mirantis.com</a><br>
<a href="mailto:vponomaryov@mirantis.com" target="_blank"
moz-do-not-send="true">vponomaryov@mirantis.com</a><br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>