[openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?
Robert Collins
robertc at robertcollins.net
Tue Apr 29 06:25:02 UTC 2014
On 29 April 2014 12:27, Dolph Mathews <dolph.mathews at gmail.com> wrote:
>
> Sure: domain names are unambiguous but user mutable, whereas Heat's approach
> to using admin tenant "name" is at risk to both mutability and ambiguity (in
> a multi-domain deployment).

Isn't domainname/user unambiguous and unique? Mutability is really not
Keystone's choice.

If keystone won't accept domainname/user then that will force us to
either do two stack-updates for a single deploy (ugly) or write
patches to heat (and neutron where the callback-to-nova support has
the same issue) to manually try a lookup and work around this.

Since it's trivial to write such a thunk, what benefit is there to your
users - e.g. TripleO/heat/nova - in not having it in keystone itself?

-Rob

--
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Converged Cloud