[openstack-dev] [Neutron] - what integration with Keystone is allowed?
Dolph Mathews
dolph.mathews at gmail.com
Mon Sep 22 14:50:38 UTC 2014
On Sun, Sep 21, 2014 at 3:58 PM, Kevin Benton <blak111 at gmail.com> wrote:
> So based on those guidelines there would be a problem with the IBM patch
> because it's storing the tenant name in a backend controller, right?
>
It would need to be regarded as an expiring cache if Neutron chose to go
that route. I'd wholly recommend against it though, because I don't see a
strong use case to use names instead of IDs here (correct me if I'm wrong).
> On Sep 21, 2014 12:18 PM, "Dolph Mathews" <dolph.mathews at gmail.com> wrote:
>
>> Querying keystone for tenant names is certainly fair game.
>>
>> Keystone should be considered the only source of truth for tenant names
>> though, as they are mutable and not globally unique on their own, so other
>> services should not stash any names from keystone into long term
>> persistence (users, projects, domains, groups, etc-- roles might be an odd
>> outlier worth a separate conversation if anyone is interested).
>>
>> Store IDs where necessary, and use IDs on the wire where possible though,
>> as they are immutable.
>>
>> On Sat, Sep 20, 2014 at 7:46 PM, Kevin Benton <blak111 at gmail.com> wrote:
>>
>>> Hello all,
>>>
>>> A patch has come up to query keystone for tenant names in the IBM
>>> plugin.[1] As I understand it, this was one of the reasons another
>>> mechanism driver was reverted.[2] Can we get some clarity on the level
>>> of integration with Keystone that is permitted?
>>>
>>> Thanks
>>>
>>> 1. https://review.openstack.org/#/c/122382
>>> 2. https://review.openstack.org/#/c/118456
>>>
>>> --
>>> Kevin Benton
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140922/c4bdf6cd/attachment.html>
More information about the OpenStack-dev
mailing list