Excerpts from 王华's message of 2015-08-14 02:34:59 -0700: > Hi Clint Byrum, > > Trusts can solve this problem, but it may cause performance problem. > When we want to get a stack, we need to get the trust_id from db first, and > authenticate with the trust_id, then we can get the stack. >
Indeed, however the answer to this is to subscribe to notifications and get Heat to publish the things you need so you don't have to fetch the stack so often. I believe there's some desire to have Heat push the things that tools like Magnum would want into Zaqar. That would likely be the best way to deal with this (assuming consuming messages from Zaqar ends up being more scalable than querying your DB + keystone. ;) Going around the authentication controls by giving Magnum 100% admin over all things is just going to turn into a mess over time. Other users of Heat will need to do things like this, and won't have the luxury of being operator-owned. __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
