openstack team mailing list archive
Mailing list archive
Re: Keystone database (using latest devstack)
On 03/09/2012 10:23 AM, Jason Hedden wrote:
On Mar 8, 2012, at 10:01 PM, Deepak Garg wrote:
I have also been trying to find a cli to get a user's role in a
I could not do that even with db tables mapping. Following are the fields
in the tables:
tenant table -> tenant_Id, name, extras
user_tenant_membership -> user_id, tenant_id
user table -> id, name, extra
role table -> id, name
So when we bind a user to a tenant with a particular role. How do we
store the data in the db so that its possible to verify it and may be
retrieve it using cli (when it gets implemented) ?
The data is stored in a python dictionary, inside of the metadata table. You will not be able to use SQL without an unwieldy wildcard search. IMO this seems overly complicated for a core function of the tool, and possibly the reason why listing user/tenant roles hasn't been implemented.
I suspect the existing SQL schema has more to do with the default of
using a key-value store until recently.
I think that storing in the roles relationships in the "extra" column is
a bit of premature optimization that is a little ill-conceived at this
point -- it sacrifices functionality for a perceived performance
improvement. I don't believe there's any evidence that the join to a
roles table (or two joins for a mapping many-to-many relationship table)
had an adverse impact on performance in the legacy Keystone.