Open Stack

On 03/09/2012 10:23 AM, Jason Hedden wrote:
> On Mar 8, 2012, at 10:01 PM, Deepak Garg wrote:
>
>> I have also been trying to find a cli to get a user's role in a
>> particular tenant.
>> I could not do that even with db tables mapping. Following are the fields
>> in the tables:
>>
>> tenant table  ->  tenant_Id, name, extras
>> user_tenant_membership  ->  user_id, tenant_id
>> user table  ->  id, name, extra
>> role table ->  id, name
>>
>> So when we bind a user to a tenant with a particular role. How do we
>> store the data in the db so that its possible to verify it and may be
>> retrieve it using cli (when it gets implemented) ?
>
> The data is stored in a python dictionary, inside of the metadata table.  You will not be able to use SQL without an unwieldy wildcard search.  IMO this seems overly complicated for a core function of the tool, and possibly the reason why listing user/tenant roles hasn't been implemented.

++

I suspect the existing SQL schema has more to do with the default of 
using a key-value store until recently.

I think that storing in the roles relationships in the "extra" column is 
a bit of premature optimization that is a little ill-conceived at this 
point -- it sacrifices functionality for a perceived performance 
improvement. I don't believe there's any evidence that the join to a 
roles table (or two joins for a mapping many-to-many relationship table) 
had an adverse impact on performance in the legacy Keystone.

-jay