[openstack-dev] [keystone][nova][cinder][horizon][all] properties / metadata for resources

Adrian Turjak adriant at catalyst.net.nz
Wed Nov 9 01:14:47 UTC 2016

On 09/11/16 11:12, Gage Hugo wrote:
> This spec was discussed at the keystone meeting today and during the
> conversation that continued afterwards, an idea of using the keystone
> configuration to set a list of keys was mentioned.
> The idea is that a cloud admin could define a list of keys that they
> need for their setup within keystone's configuration file, then only
> those keys will be valid for storing values in the project properties
> table.  Then each call would check against the list of valid keys and
> deny any calls that are sent with an invalid key.
> This idea seems to help with the issue to avoid allowing anyone to
> throw any arbitrary values into these project properties vs just a set
> number of values.

That feels far more restricting than it needs to be...

If done like this, the list should be optional, as having to restarting
Keystone to register the new config if you decide you need to add
additional values is a terrible approach.

More information about the OpenStack-dev mailing list