On 20 November 2014 05:25, <[email protected]> wrote: > ------------------------------ > > Message: 24 > Date: Wed, 19 Nov 2014 10:57:17 -0500 > From: Doug Hellmann <[email protected]> > To: "OpenStack Development Mailing List (not for usage questions)" > <[email protected]> > Subject: Re: [openstack-dev] Quota management and enforcement across > projects > Message-ID: <[email protected]> > Content-Type: text/plain; charset=windows-1252 > > > On Nov 19, 2014, at 9:51 AM, Sylvain Bauza <[email protected]> wrote: >> My bad. Let me rephrase it. I'm seeing this service as providing added value >> for managing quotas by ensuring consistency across all projects. But as I >> said, I'm also thinking that the quota enforcement has still to be done at >> the customer project level. > > Oh, yes, that is true. I envision the API for the new service having a call > that means ?try to consume X units of a given quota? and that it would return > information about whether that can be done. The apps would have to define > what quotas they care about, and make the appropriate calls.
For actions initiated directly through core OpenStack service APIs (Nova, Cinder, Neutron, etc - anything using Keystone policy), shouldn't quota-enforcement be handled by Keystone? To me this is just a subset of authz, and OpenStack already has a well established service for such decisions. It sounds like the idea here is to provide something generic that could be used outside of OpenStack? I worry that might be premature scope creep that detracts from the outcome. -- Cheers, ~Blairo _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
