[openstack-dev] [Neutron] - what integration with Keystone is allowed?

Monty Taylor mordred at inaugust.com
Mon Sep 22 17:20:23 UTC 2014 

On 09/21/2014 10:57 PM, Nader Lahouti wrote:
> Thanks Kevin for bring it up in the ML, I was looking for a guideline or
> any document to clarify issues on this subject.
> 
> I was told, even using keystone API in neutron is not permitted.

I recognize that I'm potentially without context for neutron internals -
but could someone please shed some light on why using keystone API from
neutron would ever be forbidden? That sounds a bit craycray to me and
I'd like to understand more.

> 
> 
> On Sun, Sep 21, 2014 at 12:58 PM, Kevin Benton <blak111 at gmail.com> wrote:
> 
>> So based on those guidelines there would be a problem with the IBM patch
>> because it's storing the tenant name in a backend controller, right?
>> On Sep 21, 2014 12:18 PM, "Dolph Mathews" <dolph.mathews at gmail.com> wrote:
>>
>>> Querying keystone for tenant names is certainly fair game.
>>>
>>> Keystone should be considered the only source of truth for tenant names
>>> though, as they are mutable and not globally unique on their own, so other
>>> services should not stash any names from keystone into long term
>>> persistence (users, projects, domains, groups, etc-- roles might be an odd
>>> outlier worth a separate conversation if anyone is interested).
>>>
>>> Store IDs where necessary, and use IDs on the wire where possible though,
>>> as they are immutable.
>>>
>>> On Sat, Sep 20, 2014 at 7:46 PM, Kevin Benton <blak111 at gmail.com> wrote:
>>>
>>>> Hello all,
>>>>
>>>> A patch has come up to query keystone for tenant names in the IBM
>>>> plugin.[1] As I understand it, this was one of the reasons another
>>>> mechanism driver was reverted.[2] Can we get some clarity on the level
>>>> of integration with Keystone that is permitted?
>>>>
>>>> Thanks
>>>>
>>>> 1. https://review.openstack.org/#/c/122382
>>>> 2. https://review.openstack.org/#/c/118456
>>>>
>>>> --
>>>> Kevin Benton
>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
> 
> 
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

More information about the OpenStack-dev mailing list