[openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?
Miller, Mark M (EB SW Cloud - R&D - Corvallis)
mark.m.miller at hp.com
Tue Apr 29 15:56:23 UTC 2014
In Keystone, users are assigned to a domain when they are created. This is a unique combination.
-----Original Message-----
From: Robert Collins [mailto:robertc at robertcollins.net]
Sent: Monday, April 28, 2014 11:25 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?
On 29 April 2014 12:27, Dolph Mathews <dolph.mathews at gmail.com> wrote:
>
> Sure: domain names are unambiguous but user mutable, whereas Heat's
> approach to using admin tenant "name" is at risk to both mutability
> and ambiguity (in a multi-domain deployment).
Isn't domainname/user unambiguous and unique? mutability is really not keystones choice.
If keystone won't accept domainname/user then that will force us to either do two stack-updates for a single deploy (ugly) or write patches to heat (and neutron where the callback-to-nova support has the same issue) to manually try a lookup and work around this.
Since its trivial to write such a thunk, what benefit is there to your users - e.g. TripleO/heat/nova not have it in keystone itself?
-Rob
--
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Converged Cloud
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list