On 7/25/2018 12:43 PM, Chris Friesen wrote:
Keypairs are weird in that they're owned by users, not projects. This
is arguably wrong, since it can cause problems if a user boots an
instance with their keypair and then gets removed from a project.
Nova microversion 2.54 added support for modifying the keypair
associated with an instance when doing a rebuild. Before that there was
no clean way to do it.
While discussing what eventually became microversion 2.54, sdague sent a
nice summary of several discussions related to this:
http://lists.openstack.org/pipermail/openstack-dev/2017-October/123071.html
Note the entries in there about how several deployments don't rely on
nova's keypair interface because of its clunky nature, and other ideas
about getting nova out of the keypair business altogether and instead
let barbican manage that and nova just references a key resource in
barbican. Before we'd consider making incremental changes to nova's
keypair interface and user/project scoping, I think we would need to
think through that barbican route and what it could look like and how it
might benefit everyone.
--
Thanks,
Matt
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev