Re: [Openstack] Keystone tenants vs. Nova projects

2011-07-13 Thread Ziad Sawalha
What if: - User1 has TenantA as her default tenant Should the service authenticate the user against TenantA? And if so, why? What does the 'default tenant' grant User1 on TenantA? It's some nebulous, implied role… From: "Rouault, Jason (Cloud Services)" mailto:jason.roua...@hp.c

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-13 Thread Ziad Sawalha
We've taken much of that out of the current API; so the API does not allow creating these entities through the service API. And we don't have delegation over tenant administration either, although the API we have in place can fully support a tier that implements it…. Z On 7/13/11 11:30 AM, "Bryan

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-13 Thread Ziad Sawalha
Agreed. I also can't think of a better name for 'thingies' than what we have now; role. Open to changing it if we find one soon. If not, we could always change it in the next version of the API. It's also starting to sound like thingies are policies (a la XACML and other AuthZ constructs) or pa

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-13 Thread andi abes
Dropped off the thread for a while... sorry. Ziad, I think this sounds very reasonable. I think the only hiccup might be with the use of the term "role" which might connote some "bigger" meaning to folks with backgrounds. If I understand your proposal, then a service can decide what is the g

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-13 Thread Thor Wolpert
If they had called it "global" or some other container name, would you be happier with that? If you're trying to leverage some LDAP style framework, then you'd always want users in some container instead of at the raw root. Maybe some guidance or default schema would help those groups out? On W

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-13 Thread Ziad Sawalha
And some current Nova users have created 'dummy' tenants to house global users. That's ugly and hard to maintain, so we wanted to avoid 'dummy' tenant solutions if possible. Given we're creating the spec right here and now, we can do that :-) On 7/13/11 12:14 PM, "Jay Pipes" wrote: >On Wed, Ju

Re: [Openstack] Hardware failure - "nova reboot / rescue"

2011-07-13 Thread Leandro Reox
Vish, Yep reboot works ok for non running vms. And we're doing everything else via custom scripts, just asking if there's a better way to do it :) Regards Lele On Tue, Jul 12, 2011 at 6:21 PM, Vishvananda Ishaya wrote: > Reboot should really allow you to reboot a non-running vm as well. This has

Re: [Openstack] Fwd: Bug#633600: nova: inadequate copyright file

2011-07-13 Thread Jay Pipes
Hey Thomas, File a bug on this: https://bugs.launchpad.net/nova/+bug/810051 Cheers! jay On Mon, Jul 11, 2011 at 10:43 PM, Thomas Goirand wrote: > Hi, > > Seems debian/copyright isn't correct and needs some refinement. > > I don't think that openwrt-x86-ext2.image and openwrt-x86-vmlinuz should

[Openstack] Add Optional (networks) parameter to the Create server OS API

2011-07-13 Thread Tushar Patil
Dear All, I have added a new blueprint (https://blueprints.launchpad.net/nova/+spec/add-options-network-create-os-apis) and I am thinking of adding an optional "networks" parameter to the create server OS API. I am targeting this feature by Diablo-3 milestone. Sample of XML and JSON Create ser

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-13 Thread Jay Pipes
On Wed, Jul 13, 2011 at 12:30 PM, Bryan Taylor wrote: > How is this different in effect than letting swift or nova be tenants? Each > tenant gets to define users, roles, and groups, right? A service can have multiple tenants. For instance, an installation of Nova might have a RAX tenant and a RAX

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-13 Thread Bryan Taylor
How is this different in effect than letting swift or nova be tenants? Each tenant gets to define users, roles, and groups, right? On 07/13/2011 10:39 AM, Jay Pipes wrote: On Wed, Jul 13, 2011 at 12:45 AM, Ziad Sawalha wrote: Here's a possible use case we can implement to address this: A se

[Openstack] OSCON Developer Videos - Reminder

2011-07-13 Thread Stephen Spector
OpenStack Developers: At OSCON in two weeks, I plan to run a video in the Exhibit Hall with MANY, MANY developers talking about OpenStack turning 1 and your thoughts on the future. All I need is 2 to 3 minutes of video from as many people as possible to create this video mashup. Please take some t

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-13 Thread Jay Pipes
On Wed, Jul 13, 2011 at 12:45 AM, Ziad Sawalha wrote: > Here's a possible use case we can implement to address this: > > A service 'registers' itself with Keystone and reserves a name (Ex. Swift, > or nova). Keystone will guarantee uniqueness. > Registered services can then create roles for the se

Re: [Openstack] Cross-zone instance identifiers in EC2 API - Is it worth the effort?

2011-07-13 Thread Lorin Hochstein
On Jul 11, 2011, at 9:23 AM, Sandy Walsh wrote: > Ugh, sorry, burned again by outlook web. Let me continue ... > > I'm still stewing on this but at first blush this seems like an artificial > abstraction. What do we really gain from having another layer above the > service api's? Can't they jus

Re: [Openstack] Keystone tenants vs. Nova projects

2011-07-13 Thread Rouault, Jason (Cloud Services)
If a user is bound to their default tenant, why wouldn't any role assignments for that user in their default tenant apply? Here is how I thought things were to work: - User1 has TenantA as her default tenant - User1 has been assigned RoleX for TenantA - User1 has a