[keystone][oslo] oslo.limt implementation update

Lance Bragstad lbragstad at gmail.com
Tue Jul 2 19:34:50 UTC 2019

Today in keystone's office hours, we went through a group code review of
what's currently proposed for the oslo.limit library [0]. This is a
summary of the action items that came out of that meeting.

* We should implement a basic functional testing framework that
exercises keystoneauth connections (used for pulling limit information
for keystone). Otherwise, we'll be mocking things left and right in unit
tests to get decent test coverage with the current keystoneauth code.
* Investigate alternatives to globals for keystoneauth connections [1].
* Investigate adopting a keystoneauth-like way of loading enforcement
models (similar to how ksa loads authentication plugins) [2].
* Figure out if we want to use endpoint_id or service name + region name
for service configuration [3].
* Build out functional testing for flat enforcement
* Implement strict-two-level enforcement model

This existing rewrite was mostly stolen from John's patches to his fork
oslo.limit [4]. Hopefully the current series moves things in that direction.

Feel free to chime in if you have additional notes or comments.


[1] https://bugs.launchpad.net/oslo.limit/+bug/1835103
[2] https://bugs.launchpad.net/oslo.limit/+bug/1835104
[3] https://bugs.launchpad.net/oslo.limit/+bug/1835106

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190702/a421c2ff/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190702/a421c2ff/attachment.sig>

More information about the openstack-discuss mailing list