openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #03225
Re: [Keystone] [Swift] Keystone Tenant vs Swift Account
Hi Liem! Comments inline...
> From: Nguyen, Liem Manh [mailto:liem_m_nguyen@xxxxxx]
> Sent: Friday, July 15, 2011 05:56 PM
>
> For Nova, the Keystone Tenant maps to a Nova project, and according to the
> “Finalize Auth integration” blueprint, the Nova project is going away (“no
> more project/roleuser info in nova”).
If I understand Z correctly, I think what that means is that the
*linking* relationship between a project and a role will no longer be
stored in Nova. Only the project identifier will be stored in Nova,
and the relationship of a project to a role will be stored in
Keystone.
> What about Swift’s account? I assume the Keystone tenant would map to a
> Swift account. How would this mapping occur? Would Swift still maintain
> account information in the db and these will get synchronized with Keystone
> tenant information (i.e., auto-create accounts), or would Swift get rid of
> the account concept and have a mapping between tenant and containers
> instead? If there is any existing blue-print/docs on Keystone/Swift
> integration plan for Diablo, that would be greatly appreciated.
I don't see any need to remove the concept of an account in Swift.
It's a central component in the way that access to objects in Swift is
controlled. I think that Z is saying that the account in Swift should
merely be considered the tenant in Keystone.
-jay
References