Today in keystone's office hours, we went
through a group code review of what's currently proposed for the
oslo.limit library [0]. This is a summary of the action items
that came out of that meeting.
* We should implement a basic functional testing framework that
exercises keystoneauth connections (used for pulling limit
information for keystone). Otherwise, we'll be mocking things
left and right in unit tests to get decent test coverage with
the current keystoneauth code.
* Investigate alternatives to globals for keystoneauth
connections [1].
* Investigate adopting a keystoneauth-like way of loading
enforcement models (similar to how ksa loads authentication
plugins) [2].
* Figure out if we want to use endpoint_id or service name +
region name for service configuration [3].
* Build out functional testing for flat enforcement
* Implement strict-two-level enforcement model
This existing rewrite was mostly stolen from John's patches to
his fork oslo.limit [4]. Hopefully the current series moves
things in that direction.
Feel free to chime in if you have additional notes or comments.
Lance
[0] https://review.opendev.org/#/q/topic:rewrite+(status:open+OR+status:merged)+project:openstack/oslo.limit
[1] https://bugs.launchpad.net/oslo.limit/+bug/1835103
[2] https://bugs.launchpad.net/oslo.limit/+bug/1835104
[3] https://bugs.launchpad.net/oslo.limit/+bug/1835106
[4] https://github.com/JohnGarbutt/oslo.limit/commit/a5b908046fd904c25b6cd15c65266c747774b5ab