In Keystone, users are assigned to a domain when they are created. This is a unique combination.
-----Original Message----- From: Robert Collins [mailto:[email protected]] Sent: Monday, April 28, 2014 11:25 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues? On 29 April 2014 12:27, Dolph Mathews <[email protected]> wrote: > > Sure: domain names are unambiguous but user mutable, whereas Heat's > approach to using admin tenant "name" is at risk to both mutability > and ambiguity (in a multi-domain deployment). Isn't domainname/user unambiguous and unique? mutability is really not keystones choice. If keystone won't accept domainname/user then that will force us to either do two stack-updates for a single deploy (ugly) or write patches to heat (and neutron where the callback-to-nova support has the same issue) to manually try a lookup and work around this. Since its trivial to write such a thunk, what benefit is there to your users - e.g. TripleO/heat/nova not have it in keystone itself? -Rob -- Robert Collins <[email protected]> Distinguished Technologist HP Converged Cloud _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
