Comment 4 for bug 1807697
Revision history for this message
| Yang Youseok (ileixe) wrote Re: [RFE] Token returns Project's extra properties | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
@Morgan. Thanks for the further explanation.
Actually, our code base is working just exactly as you said. We made paste middleware which try to get required attributes (currently project 'extra' value though but I will change to 'tags') from keystone.
I felt this solution is merely workaround and it's the reason why I made this RFE.
That's because
1. Every single API call have to make one more round trip to get the attribute. It makes more latency to use API.
2. Service(Nova, Neutron ...) have to implement keystone client API. On the Nova side, it's implemented already, but many other projects are not done and even the purpose of the keystone client is to validate the quota only (Not for general call like our purpose)
However at the same time I could not agree with you more for the risk to change external interface, so we need to consider whether this is the right direction.
IMHO, token expose somewhat scope related attributes and tag could be a scheme for grouping resources, so I think it can be building block for more abstracted APIs. (Multicloud for example)
I made a minimal required change and tested, at least it works well for policy. Although there are many related sub project to be changed (oslo.middleware, oslo.context and so on), if community has some consensus of the necessity I will be happy to get started.
Thanks