[Openstack] Keystone object model

Ziad Sawalha ziad.sawalha at rackspace.com
Wed Jun 22 03:14:42 UTC 2011


Hi Jason -

The mapping is that a Tenant in Keystone is the same thing as an Account in Swift and a Project in Nova.

Specifically answering your questions:

  1.  1-to-1
  2.  1-to-1
  3.  We're debating this one. We started with a User being 'Contained' in one (and only one) tenant. Then we made that containment optional so we would not have to create a dummy tenant to 'park' global users in. Now users just have a default tenant attribute but what the semantic of that is is not clear. We do support a user having access to multiple tenants and we're doing that through role assignments (you grant a user a role on a tenant). But Jesse has brought up the valid question of what the default tenant attribute means, then? Not finalized yet.
  4.  We took all group functionality out and will put it into extensions and let the extensions battle it out before putting them in core.
  5.  TBD – open for thought leadership on this one if anyone needs the functionality soon.
  6.  They won't right now.

Regards,
Ziad

From: "Rouault, Jason (Cloud Services)" <jason.rouault at hp.com<mailto:jason.rouault at hp.com>>
Date: Mon, 20 Jun 2011 15:32:42 +0000
To: "<openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>>" <openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>>
Subject: [Openstack] Keystone object model

Is there an object data model for Keystone and a mapping to current Swift and Nova concepts?  I have the following questions:


1)      The relationship between a Keystone Tenant and a Swift Account.  Is it 1-to-1, 1-to-many, many-to-many, what?

2)      The relationship between a Keystone Tenant and a Nova Project. Is it 1-to-1, 1-to-many, many-to-many, what?

3)      Relationship between a Keystone User and a Tenant?  Can a user be a member of multiple Tenants?

4)      The plan for group usage in Keystone.  I see three types of groups, Tenant Groups, User Groups, and Global Groups

5)      How will Keystone groups map to the notion of group in Swift?

6)      How will Keystone groups be used for Nova?

Thanks,

Jason
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net> Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20110622/24d29839/attachment.html>


More information about the Openstack mailing list