Re: [openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?

2014-05-07 Thread Dolph Mathews
On Tue, Apr 29, 2014 at 1:25 AM, Robert Collins robe...@robertcollins.netwrote: On 29 April 2014 12:27, Dolph Mathews dolph.math...@gmail.com wrote: Sure: domain names are unambiguous but user mutable, whereas Heat's approach to using admin tenant name is at risk to both mutability and

Re: [openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?

2014-05-07 Thread Clint Byrum
Excerpts from Robert Collins's message of 2014-04-28 23:25:02 -0700: On 29 April 2014 12:27, Dolph Mathews dolph.math...@gmail.com wrote: Sure: domain names are unambiguous but user mutable, whereas Heat's approach to using admin tenant name is at risk to both mutability and ambiguity (in

Re: [openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?

2014-04-29 Thread Robert Collins
On 29 April 2014 12:27, Dolph Mathews dolph.math...@gmail.com wrote: Sure: domain names are unambiguous but user mutable, whereas Heat's approach to using admin tenant name is at risk to both mutability and ambiguity (in a multi-domain deployment). Isn't domainname/user unambiguous and

Re: [openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?

2014-04-29 Thread Miller, Mark M (EB SW Cloud - RD - Corvallis)
In Keystone, users are assigned to a domain when they are created. This is a unique combination. -Original Message- From: Robert Collins [mailto:robe...@robertcollins.net] Sent: Monday, April 28, 2014 11:25 PM To: OpenStack Development Mailing List (not for usage questions) Subject:

[openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?

2014-04-28 Thread Clint Byrum
So in the process of making Heat deploy itself, I've run into a bit of a deadlock. https://bugs.launchpad.net/tripleo/+bug/1287453 https://bugs.launchpad.net/heat/+bug/1313003 Currently, we deploy OpenStack like this: * First we generate usernames/passwords for all service accounts * Next we

Re: [openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?

2014-04-28 Thread Dolph Mathews
On Mon, Apr 28, 2014 at 12:51 PM, Clint Byrum cl...@fewbar.com wrote: So in the process of making Heat deploy itself, I've run into a bit of a deadlock. https://bugs.launchpad.net/tripleo/+bug/1287453 https://bugs.launchpad.net/heat/+bug/1313003 Currently, we deploy OpenStack like this:

Re: [openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?

2014-04-28 Thread Clint Byrum
Excerpts from Dolph Mathews's message of 2014-04-28 12:28:41 -0700: On Mon, Apr 28, 2014 at 12:51 PM, Clint Byrum cl...@fewbar.com wrote: So in the process of making Heat deploy itself, I've run into a bit of a deadlock. https://bugs.launchpad.net/tripleo/+bug/1287453

Re: [openstack-dev] [Heat] [Keystone] [TripleO] Making use of domains by name - policy and API issues?

2014-04-28 Thread Dolph Mathews
On Mon, Apr 28, 2014 at 2:48 PM, Clint Byrum cl...@fewbar.com wrote: Excerpts from Dolph Mathews's message of 2014-04-28 12:28:41 -0700: On Mon, Apr 28, 2014 at 12:51 PM, Clint Byrum cl...@fewbar.com wrote: So in the process of making Heat deploy itself, I've run into a bit of a