Re: [openstack-dev] [Neutron] - what integration with Keystone is allowed?

2014-10-05 Thread Kevin Benton
The proposals traditionally have Neutron acting as proxy for Keystone vs having the backend controller request the information directly creates more problems than it solves. Can you elaborate on this a bit more? From a driver-author perspective this is exactly the opposite of what I've observed.

Re: [openstack-dev] [Neutron] - what integration with Keystone is allowed?

2014-09-23 Thread Duncan Thomas
On 22 September 2014 21:49, Mark McClain m...@mcclain.xyz wrote: Ideally, I think something that provides proper sync support should exist in Keystone or a Keystone related project vs multiple implementations in Neutron, Cinder or any other multi-tenant service that wants to provide more

Re: [openstack-dev] [Neutron] - what integration with Keystone is allowed?

2014-09-22 Thread Dolph Mathews
On Sun, Sep 21, 2014 at 3:58 PM, Kevin Benton blak...@gmail.com wrote: So based on those guidelines there would be a problem with the IBM patch because it's storing the tenant name in a backend controller, right? It would need to be regarded as an expiring cache if Neutron chose to go that

Re: [openstack-dev] [Neutron] - what integration with Keystone is allowed?

2014-09-22 Thread Akihiro Motoki
In Keystone, as Dolph says, a tenant name is not globally unique, so IMHO tenant_id needs to be passed to a back-end controller to ensure uniqueness of tenant (or project). tenant_name can be additional information. For example it can be used in a GUI of a back-end controller, so I think it

Re: [openstack-dev] [Neutron] - what integration with Keystone is allowed?

2014-09-22 Thread Monty Taylor
On 09/21/2014 10:57 PM, Nader Lahouti wrote: Thanks Kevin for bringing it up in the ML, I was looking for a guideline or any document to clarify issues on this subject. I was told, even using keystone API in neutron is not permitted. I recognize that I'm potentially without context for neutron

Re: [openstack-dev] [Neutron] - what integration with Keystone is allowed?

2014-09-22 Thread Mohammad Banikazemi
On Sun, Sep 21, 2014 at 3:58 PM, Kevin Benton blak...@gmail.com wrote: So based on those guidelines there would be a problem with the IBM patch because it's storing the tenant name in a backend controller, right? It would need

Re: [openstack-dev] [Neutron] - what integration with Keystone is allowed?

2014-09-22 Thread Mohammad Banikazemi
Akihiro Motoki amot...@gmail.com wrote on 09/22/2014 12:50:43 PM: From: Akihiro Motoki amot...@gmail.com To: OpenStack Development Mailing List (not for usage questions) openstack-dev@lists.openstack.org Date: 09/22/2014 12:53 PM Subject: Re: [openstack-dev] [Neutron] - what integration

Re: [openstack-dev] [Neutron] - what integration with Keystone is allowed?

2014-09-22 Thread Kevin Benton
On Sun, Sep 21, 2014 at 3:58 PM, Kevin Benton blak...@gmail.com wrote: So based on those guidelines there would be a problem with the IBM patch because it's

Re: [openstack-dev] [Neutron] - what integration with Keystone is allowed?

2014-09-22 Thread Mark McClain
On Sep 22, 2014, at 1:20 PM, Monty Taylor mord...@inaugust.com wrote: On 09/21/2014 10:57 PM, Nader Lahouti wrote: Thanks Kevin for bringing it up in the ML, I was looking for a guideline or any document to clarify issues on this subject. I was told, even using keystone API in neutron is not

Re: [openstack-dev] [Neutron] - what integration with Keystone is allowed?

2014-09-21 Thread Dolph Mathews
Querying keystone for tenant names is certainly fair game. Keystone should be considered the only source of truth for tenant names though, as they are mutable and not globally unique on their own, so other services should not stash any names from keystone into long term persistence (users,

Re: [openstack-dev] [Neutron] - what integration with Keystone is allowed?

2014-09-21 Thread Kevin Benton
So based on those guidelines there would be a problem with the IBM patch because it's storing the tenant name in a backend controller, right? On Sep 21, 2014 12:18 PM, Dolph Mathews dolph.math...@gmail.com wrote: Querying keystone for tenant names is certainly fair game. Keystone should be

Re: [openstack-dev] [Neutron] - what integration with Keystone is allowed?

2014-09-21 Thread Nader Lahouti
Thanks Kevin for bringing it up in the ML, I was looking for a guideline or any document to clarify issues on this subject. I was told, even using keystone API in neutron is not permitted. Thanks, Nader. On Sun, Sep 21, 2014 at 12:58 PM, Kevin Benton blak...@gmail.com wrote: So based on those