>From: Sandy Walsh [sandy.wa...@rackspace.com] Monday, December 01, 2014 9:29 AM > >>From: Duncan Thomas [duncan.tho...@gmail.com] >>Sent: Sunday, November 30, 2014 5:40 AM >>To: OpenStack Development Mailing List >>Subject: Re: [openstack-dev] Where should Schema files live? >> >>Duncan Thomas >>On Nov 27, 2014 10:32 PM, "Sandy Walsh" <sandy.wa...@rackspace.com> wrote: >>> >>> We were thinking each service API would expose their schema via a new >>> /schema resource (or something). Nova would expose its schema. Glance its >>> own. etc. This would also work well for installations still using older >>> deployments. >>This feels like externally exposing info that need not be external (since the >>notifications are not external to the deploy) and it sounds like it will >>potentially leak fine detailed version and maybe deployment config details >>that you don't want to make public - either for commercial reasons or to make >>targeted attacks harder >> > >Yep, good point. Makes a good case for standing up our own service or just >relying on the tarballs being in a well know place.
Hmm, I wonder if it makes sense to limit the /schema resource to service accounts. Expose it by role. There's something in the back of my head that doesn't like calling out to the public API though. Perhaps unfounded.
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
