[Openstack] Pondering multi-tenant needs in nova.
jaypipes at gmail.com
Mon Feb 7 14:30:14 UTC 2011
On Mon, Feb 7, 2011 at 9:22 AM, Greg <gholt at rackspace.com> wrote:
> If it's any help, Swift just uses an opaque account string. With Cloud Files we have several resellers each with their own sets of how accounts and users should be structured. We backed away quickly from all that and went the route of "here's an account identifier value, it must be unique amongst your accounts" for each reseller.
What Swift APIs are available for a reseller to query which of its
customer accounts have consumed X resources? Or does Swift punt and
make the reseller calculate all those things?
Does Swift enforce the uniqueness constraint you allude to above? If
not, why bother even having the uniqueness constraint?
> This doesn't prevent us from allowing access controls, etc. as the authentication system can return a list of groups (or roles, or w/e, these are opaque strings to us too).
Again, this has nothing to do with authentication. Nova has a separate
users table that relates to the auth system. This, AFAIK, has nothing
to do with auth.
> Even if Swift had the functionality for mapping org structures, I can't imagine our resellers would want to mirror that over to us, it's hard enough to maintain in one system.
Depends how much they value the ability not to have to constantly
query information from the Swift API and then immediately re-structure
the data and construct aggregate reports from the raw data after
munging it into their own org structure.
More information about the Openstack