On 20 November 2014 05:25, <openstack-dev-requ...@lists.openstack.org> wrote: > ------------------------------ > > Message: 24 > Date: Wed, 19 Nov 2014 10:57:17 -0500 > From: Doug Hellmann <d...@doughellmann.com> > To: "OpenStack Development Mailing List (not for usage questions)" > <email@example.com> > Subject: Re: [openstack-dev] Quota management and enforcement across > projects > Message-ID: <13f4f7a1-d4ec-4d14-a163-d477a4fd9...@doughellmann.com> > Content-Type: text/plain; charset=windows-1252 > > > On Nov 19, 2014, at 9:51 AM, Sylvain Bauza <sba...@redhat.com> wrote: >> My bad. Let me rephrase it. I'm seeing this service as providing added value >> for managing quotas by ensuring consistency across all projects. But as I >> said, I'm also thinking that the quota enforcement has still to be done at >> the customer project level. > > Oh, yes, that is true. I envision the API for the new service having a call > that means ?try to consume X units of a given quota? and that it would return > information about whether that can be done. The apps would have to define > what quotas they care about, and make the appropriate calls.
For actions initiated directly through core OpenStack service APIs (Nova, Cinder, Neutron, etc - anything using Keystone policy), shouldn't quota-enforcement be handled by Keystone? To me this is just a subset of authz, and OpenStack already has a well established service for such decisions. It sounds like the idea here is to provide something generic that could be used outside of OpenStack? I worry that might be premature scope creep that detracts from the outcome. -- Cheers, ~Blairo _______________________________________________ OpenStack-dev mailing list OpenStackfirstname.lastname@example.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev