>From: Sandy Walsh [sandy.wa...@rackspace.com] Monday, December 01, 2014 9:29 AM
>>From: Duncan Thomas [duncan.tho...@gmail.com]
>>Sent: Sunday, November 30, 2014 5:40 AM
>>To: OpenStack Development Mailing List
>>Subject: Re: [openstack-dev] Where should Schema files live?
>>Duncan Thomas
>>On Nov 27, 2014 10:32 PM, "Sandy Walsh" <sandy.wa...@rackspace.com> wrote:
>>> We were thinking each service API would expose their schema via a new 
>>> /schema resource (or something). Nova would expose its schema. Glance its 
>>> own. etc. This would also work well for installations still using older 
>>> deployments.
>>This feels like externally exposing info that need not be external (since the 
>>notifications are not external to the deploy) and it sounds like it will 
>>potentially leak fine detailed version and maybe deployment config details 
>>that you don't want to make public - either for commercial reasons or to make 
>>targeted attacks harder
>Yep, good point. Makes a good case for standing up our own service or just 
>relying on the tarballs being in a well know place.

Hmm, I wonder if it makes sense to limit the /schema resource to service 
accounts. Expose it by role.

There's something in the back of my head that doesn't like calling out to the 
public API though. Perhaps unfounded.

OpenStack-dev mailing list

Reply via email to