Comment 10 for bug 1080864

Flavio Percoco (flaper87) wrote :

Hey,

@dan

TBH, I don't think it is a good idea to tie Glance to Keystone - even though it is possible - for a couple of reasons.

1) That would make Glance even more fragile to possible changes in keystone
2) I don't think Glance should worry about the existence of the tenant in keystone, I mean, if the user adds a tenant and later it is removed from keystone - as pointed out by John - it wouldn't be possible to clean it up in glance, unless keystone sends a notification to glance - which would make the integration even tighter.
3) If the tenant doesn't exist in keystone, users won't be able to log in to that tenant, which means that it won't be used as a member filter in glance, ever. In this case, users will have to clean up the members themselves unless - as pointed out in point 2 - keystone notifies Glance and other services.

IMHO, Glance should be as independent as possible from other services in order to focus on the service it is providing, unless we change the way auth works in glance, I don't think there's a good and not so tight way to do this.

Perhaps, this is something keystone should be taking care of. Dunno.