So based on those guidelines there would be a problem with the IBM patch because it's storing the tenant name in a backend controller, right? On Sep 21, 2014 12:18 PM, "Dolph Mathews" <dolph.math...@gmail.com> wrote:
> Querying keystone for tenant names is certainly fair game. > > Keystone should be considered the only source of truth for tenant names > though, as they are mutable and not globally unique on their own, so other > services should not stash any names from keystone into long term > persistence (users, projects, domains, groups, etc-- roles might be an odd > outlier worth a separate conversation if anyone is interested). > > Store IDs where necessary, and use IDs on the wire where possible though, > as they are immutable. > > On Sat, Sep 20, 2014 at 7:46 PM, Kevin Benton <blak...@gmail.com> wrote: > >> Hello all, >> >> A patch has come up to query keystone for tenant names in the IBM >> plugin.[1] As I understand it, this was one of the reasons another >> mechanism driver was reverted.[2] Can we get some clarity on the level >> of integration with Keystone that is permitted? >> >> Thanks >> >> 1. https://review.openstack.org/#/c/122382 >> 2. https://review.openstack.org/#/c/118456 >> >> -- >> Kevin Benton >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
