openstack team mailing list archive

Re: Keystone database (using latest devstack)

 

On 03/09/2012 10:23 AM, Jason Hedden wrote:
On Mar 8, 2012, at 10:01 PM, Deepak Garg wrote:

I have also been trying to find a cli to get a user's role in a
particular tenant.
I could not do that even with db tables mapping. Following are the fields
in the tables:

tenant table  ->  tenant_Id, name, extras
user_tenant_membership  ->  user_id, tenant_id
user table  ->  id, name, extra
role table ->  id, name

So when we bind a user to a tenant with a particular role, how do we
store the data in the db so that it's possible to verify it and maybe
retrieve it using cli (when it gets implemented)?

The data is stored in a python dictionary, inside of the metadata table.  You will not be able to use SQL without an unwieldy wildcard search.  IMO this seems overly complicated for a core function of the tool, and possibly the reason why listing user/tenant roles hasn't been implemented.

++

I suspect the existing SQL schema has more to do with the default of using a key-value store until recently.

I think that storing the roles relationships in the "extra" column is a bit of premature optimization that is a little ill-conceived at this point -- it sacrifices functionality for a perceived performance improvement. I don't believe there's any evidence that the join to a roles table (or two joins for a mapping many-to-many relationship table) had an adverse impact on performance in the legacy Keystone.

-jay
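
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not Keystone's code: the same role grants stored as a serialized blob and as a many-to-many mapping table, queried both ways. The `metadata.data` JSON layout, the `user_tenant_role` table and all ids and names are constructed assumptions for illustration.

```python
import json
import sqlite3

def build_db():
    """In-memory database holding the same grants in both layouts (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE role (id TEXT PRIMARY KEY, name TEXT);
        -- Blob layout (assumed shape): role ids serialized into one text column.
        CREATE TABLE metadata (user_id TEXT, tenant_id TEXT, data TEXT);
        -- Normalized layout (hypothetical): one row per user/tenant/role grant.
        CREATE TABLE user_tenant_role (user_id TEXT, tenant_id TEXT, role_id TEXT);
    """)
    db.executemany("INSERT INTO role VALUES (?, ?)",
                   [("r1", "admin"), ("r10", "member")])
    grants = [("alice", "t1", ["r1"]), ("bob", "t1", ["r10"]),
              ("carol", "t2", ["r1", "r10"])]
    for user, tenant, role_ids in grants:
        db.execute("INSERT INTO metadata VALUES (?, ?, ?)",
                   (user, tenant, json.dumps({"roles": role_ids})))
        db.executemany("INSERT INTO user_tenant_role VALUES (?, ?, ?)",
                       [(user, tenant, rid) for rid in role_ids])
    return db

def users_by_wildcard(db, tenant_id, role_id):
    """Wildcard search over the blob; also matches ids that merely contain role_id."""
    rows = db.execute(
        "SELECT user_id FROM metadata WHERE tenant_id = ? AND data LIKE ? "
        "ORDER BY user_id", (tenant_id, f"%{role_id}%"))
    return [r[0] for r in rows]

def users_by_join(db, tenant_id, role_name):
    """Exact answer from the mapping table joined to the role table."""
    rows = db.execute(
        "SELECT m.user_id FROM user_tenant_role m JOIN role r ON r.id = m.role_id "
        "WHERE m.tenant_id = ? AND r.name = ? ORDER BY m.user_id",
        (tenant_id, role_name))
    return [r[0] for r in rows]

def roles_of(db, user_id, tenant_id):
    """A user's roles in one tenant, the lookup asked about in the thread."""
    rows = db.execute(
        "SELECT r.name FROM user_tenant_role m JOIN role r ON r.id = m.role_id "
        "WHERE m.user_id = ? AND m.tenant_id = ? ORDER BY r.name",
        (user_id, tenant_id))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_db()
    print(users_by_wildcard(db, "t1", "r1"), users_by_join(db, "t1", "admin"))
```

In the constructed data the wildcard query reports bob as holding `r1` because his id `r10` contains it, which is the kind of over-match that makes auditing role grants from a blob unreliable.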

