[Openstack] Keystone database (using latest devstack)
Jay Pipes
jaypipes at gmail.com
Fri Mar 9 15:52:47 UTC 2012
On 03/09/2012 10:23 AM, Jason Hedden wrote:
> On Mar 8, 2012, at 10:01 PM, Deepak Garg wrote:
>
>> I have also been trying to find a cli to get a user's role in a
>> particular tenant.
>> I could not do that even with db tables mapping. Following are the fields
>> in the tables:
>>
>> tenant table -> tenant_Id, name, extras
>> user_tenant_membership -> user_id, tenant_id
>> user table -> id, name, extra
>> role table -> id, name
>>
>> So when we bind a user to a tenant with a particular role, how do we
>> store the data in the db so that it's possible to verify it and maybe
>> retrieve it using cli (when it gets implemented)?
>
> The data is stored in a python dictionary, inside of the metadata table. You will not be able to use SQL without an unwieldy wildcard search. IMO this seems overly complicated for a core function of the tool, and possibly the reason why listing user/tenant roles hasn't been implemented.
++
I suspect the existing SQL schema has more to do with the default of
using a key-value store until recently.
I think that storing the roles relationships in the "extra" column is
a bit of premature optimization that is a little ill-conceived at this
point -- it sacrifices functionality for a perceived performance
improvement. I don't believe there's any evidence that the join to a
roles table (or two joins for a mapping many-to-many relationship table)
had an adverse impact on performance in the legacy Keystone.
-jay
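
Added example, not part of the original thread and not Keystone's own code: the two layouts discussed above, side by side in an in-memory SQLite database, showing why auditing role grants through a serialized blob is unreliable while a mapping table answers exactly. The `metadata` column layout, the JSON serialization, the `user_tenant_role` table and all rows are assumptions constructed for illustration.

```python
import json
import sqlite3

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user   (id TEXT PRIMARY KEY, name TEXT);
        CREATE TABLE tenant (id TEXT PRIMARY KEY, name TEXT);
        CREATE TABLE role   (id TEXT PRIMARY KEY, name TEXT);
        -- Layout A (assumed columns): roles serialized into a blob.
        CREATE TABLE metadata (user_id TEXT, tenant_id TEXT, data TEXT);
        -- Layout B (hypothetical): many-to-many mapping table.
        CREATE TABLE user_tenant_role (user_id TEXT, tenant_id TEXT, role_id TEXT,
                                       PRIMARY KEY (user_id, tenant_id, role_id));
    """)
    db.executemany("INSERT INTO user VALUES (?,?)", [("u1", "alice"), ("u2", "bob")])
    db.execute("INSERT INTO tenant VALUES ('t1', 'demo')")
    db.executemany("INSERT INTO role VALUES (?,?)", [("r1", "admin"), ("r10", "member")])
    grants = [("u1", "t1", ["r1"]), ("u2", "t1", ["r10"])]  # constructed sample grants
    for user_id, tenant_id, role_ids in grants:
        db.execute("INSERT INTO metadata VALUES (?,?,?)",
                   (user_id, tenant_id, json.dumps({"roles": role_ids})))
        db.executemany("INSERT INTO user_tenant_role VALUES (?,?,?)",
                       [(user_id, tenant_id, r) for r in role_ids])
    return db

def users_by_wildcard(db, tenant_id, role_id):
    """Blob layout: SQL can only substring-match, so 'r1' also hits 'r10'."""
    rows = db.execute(
        "SELECT u.name FROM metadata m JOIN user u ON u.id = m.user_id "
        "WHERE m.tenant_id = ? AND m.data LIKE ? ORDER BY u.name",
        (tenant_id, "%" + role_id + "%"))
    return [r[0] for r in rows]

def users_by_join(db, tenant_id, role_name):
    """Mapping layout: two joins give an exact, indexable answer."""
    rows = db.execute(
        "SELECT u.name FROM user_tenant_role m "
        "JOIN user u ON u.id = m.user_id JOIN role r ON r.id = m.role_id "
        "WHERE m.tenant_id = ? AND r.name = ? ORDER BY u.name",
        (tenant_id, role_name))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_db()
    print("wildcard:", users_by_wildcard(db, "t1", "r1"))
    print("join:    ", users_by_join(db, "t1", "admin"))
```

Tightening the wildcard pattern only helps while it matches the exact serialization of the blob, which is the fragility the thread is pointing at.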