be worth considering tweaking the placement API so that only the driver can set/unset traits which it owns?
This would entail placement tracking some kind of "owner" attribute (ahem, metadata) on traits. Or maintaining a list of driver-owned traits per resource provider. Or <your idea here>. And then a way to establish a different identity/policy for the virt driver than for the admin. And then a way for the admin to override that anyway because stuff happens. That ^, IMO, is the "more work than benefit" I led with. Happy to be convinced otherwise if there's a (*much*) simpler way to achieve the desired goal.
Although perhaps it would be better to at least spend 5 minutes finding a good place in the docs to insert the Venn diagram: https://pasteboard.co/I3iqqNm.jpg
Yes please. Bottom of [1] seems like the right place. But for heaven's sake, don't violate my privacy [2]. efried [1] https://docs.openstack.org/nova/latest/admin/configuration/schedulers.html#c... [2] http://lists.openstack.org/pipermail/openstack-discuss/2019-April/thread.htm...