Open Stack

Hi Liem! Comments inline...

> From: Nguyen, Liem Manh [mailto:liem_m_nguyen at hp.com]
> Sent: Friday, July 15, 2011 05:56 PM
>
> For Nova, the Keystone Tenant maps to a Nova project, and according to the
> “Finalize Auth integration” blueprint, the Nova project is going away (“no
> more project/roleuser info in nova”).

If I understand Z correctly, I think what that means is that the
*linking* relationship between a project and a role will no longer be
stored in Nova. Only the project identifier will be stored in Nova,
and the relationship of a project to a role will be stored in
Keystone.

> What about Swift’s account?  I assume the Keystone tenant would map to a
> Swift account.  How would this mapping occur?  Would Swift still maintain
> account information in the db and these will get synchronized with Keystone
> tenant information (i.e., auto-create accounts), or would Swift get rid of
> the account concept and have a mapping between tenant and containers
> instead?  If there is any existing blue-print/docs on Keystone/Swift
> integration plan for Diablo, that would be greatly appreciated.

I don't see any need to remove the concept of an account in Swift.
It's a central component in the way that access to objects in Swift is
controlled. I think that Z is saying that the account in Swift should
merely be considered the tenant in Keystone.

-jay