openstack team mailing list archive

[Andy Smith <andyster@xxxxxxxxx>]

On Thu, Mar 8, 2012 at 2:46 PM, Jason Hedden <jhedden@xxxxxxxxxxx> wrote:

>        It seems a little odd that the mapping of users to roles is stored
> in a python dictionary within a SQL table.  With this data structure it
> would be more efficient and flexible if the data was stored in a table
> similarly to the previous version of Keystone.  Why not let the database do
> its job?
>
> You can view a snippet of the Keystone metadata table @
> http://paste.openstack.org/show/7552/


The current data access patterns don't support a need to index that data,
if at some point we need to index that more than we need the scalability
and flexibility afforded by using simple primary key lookups then we can
change it, but limiting the scope of what it is possible to do increases
the flexibility of what backends are possible, so I intend to keep the data
access patterns as simple and few as possible.


>
>
> I came across this while trying to list the roles assigned to users, which
> I still don't know how to do via the keystone client utility. Is this even
> possible?
>

Well, to clarify that statement a bit, roles exist on user-tenant pairs, so
you would list the roles for a user-tenant pair.


>
> Jason Hedden
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>