Excerpts from Robert Collins's message of 2014-04-28 23:25:02 -0700: > On 29 April 2014 12:27, Dolph Mathews <dolph.math...@gmail.com> wrote: > > > > > Sure: domain names are unambiguous but user mutable, whereas Heat's approach > > to using admin tenant "name" is at risk to both mutability and ambiguity (in > > a multi-domain deployment). > > Isn't domainname/user unambiguous and unique? mutability is really not > keystones choice. > > If keystone won't accept domainname/user then that will force us to > either do two stack-updates for a single deploy (ugly) or write > patches to heat (and neutron where the callback-to-nova support has > the same issue) to manually try a lookup and work around this. > > Since its trivial to write such a thunk, what benefit is there to your > users - e.g. TripleO/heat/nova not have it in keystone itself?
So it sounds like we can drive a change into Keystone. The short version is something like this: Anywhere that accepts a domain ID, should also be able to accept a domain name. Anywhere that accepts a user ID, should also be able to accept a domain name and user name. This sounds like it has several facets and so is spec-worthy. Anyone disagree? _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
