On 20 November 2014 05:25,  <openstack-dev-requ...@lists.openstack.org> wrote:
> ------------------------------
> Message: 24
> Date: Wed, 19 Nov 2014 10:57:17 -0500
> From: Doug Hellmann <d...@doughellmann.com>
> To: "OpenStack Development Mailing List (not for usage questions)"
>         <openstack-dev@lists.openstack.org>
> Subject: Re: [openstack-dev] Quota management and enforcement across
>         projects
> Message-ID: <13f4f7a1-d4ec-4d14-a163-d477a4fd9...@doughellmann.com>
> Content-Type: text/plain; charset=windows-1252
> On Nov 19, 2014, at 9:51 AM, Sylvain Bauza <sba...@redhat.com> wrote:
>> My bad. Let me rephrase it. I'm seeing this service as providing added value 
>> for managing quotas by ensuring consistency across all projects. But as I 
>> said, I'm also thinking that the quota enforcement has still to be done at 
>> the customer project level.
> Oh, yes, that is true. I envision the API for the new service having a call 
> that means ?try to consume X units of a given quota? and that it would return 
> information about whether that can be done. The apps would have to define 
> what quotas they care about, and make the appropriate calls.

For actions initiated directly through core OpenStack service APIs
(Nova, Cinder, Neutron, etc - anything using Keystone policy),
shouldn't quota-enforcement be handled by Keystone? To me this is just
a subset of authz, and OpenStack already has a well established
service for such decisions.

It sounds like the idea here is to provide something generic that
could be used outside of OpenStack? I worry that might be premature
scope creep that detracts from the outcome.


OpenStack-dev mailing list

Reply via email to