[openstack-dev] Quota management and enforcement across projects
blair.bethwaite at gmail.com
Wed Nov 19 23:16:09 UTC 2014
On 20 November 2014 05:25, <openstack-dev-request at lists.openstack.org> wrote:
> Message: 24
> Date: Wed, 19 Nov 2014 10:57:17 -0500
> From: Doug Hellmann <doug at doughellmann.com>
> To: "OpenStack Development Mailing List (not for usage questions)"
> <openstack-dev at lists.openstack.org>
> Subject: Re: [openstack-dev] Quota management and enforcement across
> Message-ID: <13F4F7A1-D4EC-4D14-A163-D477A4FD9BA6 at doughellmann.com>
> Content-Type: text/plain; charset=windows-1252
> On Nov 19, 2014, at 9:51 AM, Sylvain Bauza <sbauza at redhat.com> wrote:
>> My bad. Let me rephrase it. I'm seeing this service as providing added value for managing quotas by ensuring consistency across all projects. But as I said, I'm also thinking that the quota enforcement has still to be done at the customer project level.
> Oh, yes, that is true. I envision the API for the new service having a call that means “try to consume X units of a given quota” and that it would return information about whether that can be done. The apps would have to define what quotas they care about, and make the appropriate calls.
For actions initiated directly through core OpenStack service APIs
(Nova, Cinder, Neutron, etc - anything using Keystone policy),
shouldn't quota-enforcement be handled by Keystone? To me this is just
a subset of authz, and OpenStack already has a well established
service for such decisions.
It sounds like the idea here is to provide something generic that
could be used outside of OpenStack? I worry that might be premature
scope creep that detracts from the outcome.