[openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward
Hemanth Ravi
hemanthraviml at gmail.com
Mon Aug 11 17:40:17 UTC 2014
On Fri, Aug 8, 2014 at 7:13 PM, Armando M. <armamig at gmail.com> wrote:
>
>> On Fri, Aug 8, 2014 at 5:38 PM, Armando M. <armamig at gmail.com> wrote:
>>
>>>
>>>
>>>> One advantage of the service plugin is that one can leverage the
>>>> neutron common framework such as Keystone authentication where common
>>>> scoping is done. It would be important in the policy type of framework to
>>>> have such scoping
>>>>
>>>
>>> The framework you're referring to is common and already reusable, it's
>>> not a prerogative of Neutron.
>>>
>>
>> Are you suggesting that Service Plugins, L3, IPAM etc become individual
>> endpoints, resulting in redundant authentication round-trips for each of
>> the components.
>>
>> Wouldn't this result in degraded performance and potential consistency
>> issues?
>>
>
> The endpoint - in the OpenStack lingo - that exposes the API abstractions
> (concepts and operations) can be, logically and physically, different from
> the worker that implements these abstractions; authentication is orthogonal
> to this and I am not suggesting what you mention.
>
>From what I understand, you are saying that the implementation could be
done via a mechanism different than a service plugin. Would this be done by
implementing the service plugin as a different process? This would imply
making changes to the the neutron server - plugin interface. If this is the
case, wouldn't it be better to use the existing mechanism to avoid
introducing any instability at this stage of the Juno cycle.
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140811/b5321c46/attachment.html>
More information about the OpenStack-dev
mailing list