[placement][nova][ptg] Protecting driver-provided traits

Adam Spiers aspiers at suse.com
Fri Apr 12 14:58:25 UTC 2019

[resend due to issues with our internal MTA]

Eric Fried <openstack at fried.cc> wrote: 
>>be worth considering tweaking the placement API so that only the driver 
>>can set/unset traits which it owns? 
>This would entail placement tracking some kind of "owner" attribute 
>(ahem, metadata) on traits. Or maintaining a list of driver-owned traits 
>per resource provider. Or <your idea here>. And then a way to establish 
>a different identity/policy for the virt driver than for the admin. And 
>then a way for the admin to override that anyway because stuff happens. 
>That ^, IMO, is the "more work than benefit" I led with. Happy to be 
>convinced otherwise if there's a (*much*) simpler way to achieve the 
>desired goal. 

Just thinking out aloud, but how about something as stupid as just 
maintaining that list of driver-owned traits in os_traits, and 
exposing a simple trait_is_driver_owned() function which returns a 
boolean?  Then the API implementation could simply check that and 
return 403 or whatever if the admin tries to mess with a driver-owned 

Although I'm assuming that there is already some mechanism in there 
for the API service to distinguish between admin callers and driver 
callers; if that assumption is wrong then maybe it would take too much 
more effort to add that. 

>>Although perhaps it would be better to at least spend 5 
>>minutes finding a good place in the docs to insert the Venn diagram: 
>>    https://pasteboard.co/I3iqqNm.jpg 
>Yes please. Bottom of [1] seems like the right place. 

That idea was already rejected, otherwise it would be there already: 


>But for heaven's sake, don't violate my privacy [2]. 

Sure, no need for that here ;-)  We can just add the raw .svg. 

More information about the openstack-discuss mailing list