[openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas
Clint Byrum
clint at fewbar.com
Mon Jun 16 19:56:24 UTC 2014
Excerpts from Doug Wiegley's message of 2014-06-10 14:41:29 -0700:
> Of what use is a database that randomly deletes rows? That is, in effect, what you’re allowing.
>
> The secrets are only useful when paired with a service. And unless I’m mistaken, there’s no undo. So you’re letting users shoot themselves in the foot, for what reason, exactly? How do you expect OpenStack to rely on a data store that is fundamentally random at the whim of users? Every single service that uses Barbican will now have to hack in a defense mechanism of some kind, because they can’t trust that the secret they rely on will still be there later. Which defeats the purpose of this mission statement: "Barbican is a ReST API designed for the secure storage, provisioning and management of secrets."
>
> (And I don’t think anyone is suggesting that blind refcounts are the answer. At least, I hope not.)
>
> Anyway, I hear this has already been decided, so, so be it. Sounds like we’ll hack around it.
>
Doug, nobody is calling Barbican "a database". It is a place to store
secrets.
The idea is to loosely couple things, and if you need more assurances,
use something like Heat to manage the relationships.