On Wed, Nov 20, 2013 at 1:06 PM, Dmitri Zimin(e) | StackStorm < [email protected]> wrote:
> Thanks Terry for highlighting this: > > Yes, tenant isolation is the must. It's not reflected in the prototype - > it queries Solr directly; but the proper implementation will go through the > query API service, where ACL will be applied. > > UX folks are welcome to comment on expected queries. > > I think the key benefit of cross-resource index over querying DBs is that > it saves the clients from implementing complex queries case by case, > leaving flexibility to the user. > I question the need for this service, as this service **should** very much be dependent on the clients for this functionality. Expecting to query backends directly must be a misunderstanding somewhere... Start with a specification for filtering across all services and advocate for it on both existing and new APIs. > > -- Dmitri. > > > > > On Wed, Nov 20, 2013 at 2:27 AM, Thierry Carrez <[email protected]>wrote: > >> Dmitri Zimin(e) | StackStorm wrote: >> > Hi Stackers, >> > >> > The project Search is a service providing fast full-text search for >> > resources across OpenStack services. >> > [...] >> >> At first glance this looks slightly scary from a security / tenant >> isolation perspective. Most search results would be extremely >> user-specific (and leaking data from one user to another would be >> catastrophic), so the benefits of indexing (vs. querying DB) would be >> very limited ? >> >> -- >> Thierry Carrez (ttx) >> >> _______________________________________________ >> OpenStack-dev mailing list >> [email protected] >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- -Dolph
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
