[openstack-dev] [Openstack-operators] [keystone][all] Deprecating slash ('/') in project names
henriquecostatruta at gmail.com
Mon Jul 6 11:59:38 UTC 2015
I mean project names. You can, for example, create a project today with a
name like "dev/tests".
Em seg, 6 de jul de 2015 às 03:56, Sam Morrison <sorrison at gmail.com>
> Do you mean project names or project IDs?
> On 3 Jul 2015, at 12:12 am, Henrique Truta <henriquecostatruta at gmail.com>
> Hi everyone,
> In Kilo, keystone introduced the concept of Hierarchical Multitenancy,
> which allows cloud operators to organize projects in hierarchies. This
> concept is evolving in Liberty, with the addition of the Reseller use
> case, where among other features, it’ll have hierarchies of domains by
> making the domain concept a feature of projects and not a different entity:
> from now on, every domain will be treated as a project that has the
> “is_domain” property set to True.
> Currently, getting a project scoped token can be made by only passing the
> project name and the domain it belongs to, once project names are unique
> between domains. However with those hierarchies of projects, in M we intend
> to remove this constraint in order to make a project name unique only in
> its level in the hierarchy (project parent). In other words, it won’t be
> possible to have sibling projects with the same name. For example. the
> following hierarchy will be valid:
> A - project with the domain feature
> / \
> B C - “pure” projects, children of A
> | |
> A B - “pure” projects, children of B and C respectively
> Therefore, the cloud user faces some problems when getting a project
> scoped token by name to projects A or B, since keystone won’t be able to
> distinguish them only by their names. The best way to solve this problem is
> providing the full hierarchy, like “A/B/A”, “A/B”, “A/C/B” and so on.
> To achieve this, we intend to deprecate the “/” character in project
> names in Liberty and prohibit it in M, removing/replacing this character in
> a database migration**.
> Do you have some strong reason to keep using this character in project
> names? How bad would it be for existing deploys? We’d like to hear from
> Best regards,
> ** LDAP as assignment backend does not support Hierarchical Multitenancy.
> This change will be only applied to SQL backends.
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev