[placement][nova][ptg] Protecting driver-provided traits
aspiers at suse.com
Fri Apr 12 14:58:25 UTC 2019
[resend due to issues with our internal MTA]
Eric Fried <openstack at fried.cc> wrote:
>>be worth considering tweaking the placement API so that only the driver
>>can set/unset traits which it owns?
>This would entail placement tracking some kind of "owner" attribute
>(ahem, metadata) on traits. Or maintaining a list of driver-owned traits
>per resource provider. Or <your idea here>. And then a way to establish
>a different identity/policy for the virt driver than for the admin. And
>then a way for the admin to override that anyway because stuff happens.
>That ^, IMO, is the "more work than benefit" I led with. Happy to be
>convinced otherwise if there's a (*much*) simpler way to achieve the
Just thinking out aloud, but how about something as stupid as just
maintaining that list of driver-owned traits in os_traits, and
exposing a simple trait_is_driver_owned() function which returns a
boolean? Then the API implementation could simply check that and
return 403 or whatever if the admin tries to mess with a driver-owned
Although I'm assuming that there is already some mechanism in there
for the API service to distinguish between admin callers and driver
callers; if that assumption is wrong then maybe it would take too much
more effort to add that.
>>Although perhaps it would be better to at least spend 5
>>minutes finding a good place in the docs to insert the Venn diagram:
>Yes please. Bottom of  seems like the right place.
That idea was already rejected, otherwise it would be there already:
>But for heaven's sake, don't violate my privacy .
Sure, no need for that here ;-) We can just add the raw .svg.
More information about the openstack-discuss