[openstack-dev] [neutron][api] - attaching arbitrary key/value pairs to resources

Jay Pipes jaypipes at gmail.com
Mon Aug 24 17:58:58 UTC 2015


On 08/24/2015 07:33 AM, Kevin Benton wrote:
>  >Obviously it'll still be possible to be used by a backend, but it's
> also possible to patch the code or provide arbitrary API extensions, too.
>
>
> Right, but vendor API extensions are the way that backend-specific
> features are supposed to be done. With an extension, it's explicit in
> the API via the extensions list that something non-standard is enabled.
>
> Patching code is currently pretty brittle and puts a lot of technical
> debt on a driver author's part so it's pretty obvious to the author that
> it's not the right way to go. Once we add these tags, they will be part
> of the API so they should be stable and will be tempting to use for lots
> of stuff. :)

As Russell mentions, my idea of simple string tagging is that it is 
entirely user-driven (ala Launchpad's tagging of bugs -- there is no 
systemic collation or curation of tags).

If you need system-defined and protected attributes, you should use a 
separate resource on the network or port, ala the port binding profile, 
which to date has been (ab)used for the purpose of communicating 
backend-specific metadata.

Best,
-jay

> On Mon, Aug 24, 2015 at 6:35 AM, Russell Bryant <rbryant at redhat.com
> <mailto:rbryant at redhat.com>> wrote:
>
>     On 08/24/2015 09:25 AM, Kevin Benton wrote:
>      > Hi everybody!
>      >
>      > In Neutron the idea of adding tags to resources has come up several
>      > times this cycle alone.[1][2][3]
>      >
>      > The general concern that has led to them being rejected is that
>     backends
>      > will leverage these tags to leak implementation details or
>      > backend-specific features (e.g. tags that control QoS features,
>     security
>      > isolation, or other network behaviors).
>      >
>      > However, there are many use cases that make these nice for the
>     users of
>      > the API to help organize resources (e.g. external DNS names on
>     floating
>      > IPs, PCI compliance status of security groups, an emoticon describing
>      > the seriousness of the things on that network, etc).
>      >
>      > I'm beginning to think that it might be worth it for the
>     usefulness it
>      > brings to the end users. But with all of the third-party plugins
>      > out-of-tree, we essentially have no way to stop them from using
>     the tags
>      > to control the networking backend as well.
>      >
>      > So I'm looking for feedback from the API working group as well as
>     other
>      > projects that have gone down this path. Should we just take the
>     pythonic
>      > "we're all adults" approach and try to encourage backends not to use
>      > them for network behavior? Or does this carry too much risk of being
>      > abused as a shortcut to avoid developing proper API enhancements by
>      > backend devs?
>      >
>      > 1. https://bugs.launchpad.net/neutron/+bug/1460222
>      > 2. https://bugs.launchpad.net/neutron/+bug/1483480
>      > 3. https://review.openstack.org/#/c/216021/
>
>     If this is clearly documented as being a API consumer thing only, then
>     I'm OK with it.  Obviously it'll still be possible to be used by a
>     backend, but it's also possible to patch the code or provide arbitrary
>     API extensions, too.
>
>     The plugins may be out of tree, but the ones officially a part of
>     Neutron still are under oversight of the Neutron PTL/team.  Using this
>     in a way it's explicitly documented as not to be used would be an
>     example of a case where they should be asked to change.
>
>     We can't control what backends not a part of Neutron do, but that's
>     not new.
>
>     One example of another project doing something similar is this:
>
>     http://specs.openstack.org/openstack/nova-specs/specs/kilo/approved/tag-instances.html
>
>     Note this important line:
>
>     "The tag is an opaque string and is not intended to be interpreted or
>     even read by the virt drivers."
>
>     --
>     Russell Bryant
>
>     __________________________________________________________________________
>     OpenStack Development Mailing List (not for usage questions)
>     Unsubscribe:
>     OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>     <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
> --
> Kevin Benton
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



More information about the OpenStack-dev mailing list