----- Original Message -----
From: "Itamar Heim" <iheim@redhat.com> To: "Oved Ourfalli" <ovedo@redhat.com> Cc: "engine-devel" <engine-devel@ovirt.org> Sent: Monday, May 13, 2013 9:46:48 AM Subject: Re: [Engine-devel] What type of DB inheritance to use?
On 05/13/2013 10:42 AM, Oved Ourfalli wrote:
IMO, the following fields will fit most providers, at least the ones we plan to support in the near future: * id * name * type * URL * requires_authentication (boolean) to support development/POC/testing... mode
redundant with empty username/password?
* username * password
do keystone based services allow to authenticate directly to them, or you need an additional authentication url (to get the ticket)?
You need the ticket, but we said that the keystone service (auth url, username and password) are config values for the time being. Anyway in the future I expect these providers to be linked to their keystone service. E.g.: id name username password url auth_provider tenant ... 1 keystone1 myuser mypass http://keystone <null> <null> 2 glance1 <null> <null> http://glance 1 mytenant1 3 glance1 <null> <null> http://glance 1 mytenant2 4 quantum1 <null> <null> http://quantum 1 mytenant1 I expect quantum to be needing the tenant name too (as soon as it will be integrated with keystone). Given the username/password (created for the ovirt management), the user can be added to the tenants (all the ones that the admin wants to consume) and then ovirt will get the auth tokens with the relevant info, e.g. (pseudocode with reference to the table above): keystone = new Keystone("http://keystone"); glance1_token = keystone.authenticate("myuser", "mypass", "mytenant1"); glance2_token = keystone.authenticate("myuser", "mypass", "mytenant2"); quantum1_token = glance1_token; glance = new Glance("http://glance", glance1_token); glance.listImages(); .... -- Federico