Cloud or region namespaces

In multi-site/multi-regions distributed OpenStack cloud deployment, users may want to own resources (projects, groups, vms, images , volumes) across multiple regions. Keystone projects provide integration with users to their resources and it must have a unique name within a domain. In most of the deployments providers do not use domain concept as it is not yet transparent to services and they use only the default domain. Following are the problems user and provider face in such setup

 1. Cloud provider uses projects to map users and impose users to choose unique name to their project. This causes problems for the user as they have to deal with multiple project names to model their workload across multiple regions. It would be helpful if they can use the same project name in all the regions.
 2. Its hard for cloud provider for a particular region to manage and identify resources which they are managing on behalf of other regions. It would be helpful for the cloud provider if they have ability to identify all the resources which they are managing for other regions in multi-regions distributed OpenStack cloud deployment.

To solve above mentioned problems we need to introduce a notion of cloud (or region) namespaces for Keystone resources (domain, project, groups) as an additional field. The namespace is generic concept which will help to scope Keystone resources (hence all the computing resources) to a unique names across all the regions.

The namespace (e.g. cloud.<provider_id>.<region_id>) will represent a cloud/region in multi-site cloud deployment. The namespace will provide uniqueness to the Keystone resources (e.g. projects) with same names across the regions and avoid name collisions.

E.g. 1- User from "region1" want to have project with name "qa_project" in region 2 and 3, with namespace (added field in project table) region 2 and 3 both can have "qa_project". This will help users to better map their resource to a unique project name across regions/clouds.

E.g.2 - Cloud provider from a particular region what to know, list of resource (projects, groups, vms, images , volumes) they are managing on behalf of other regions. This is needed for better accounting of resources/usage aggregation of resource usage. Cloud/region namespace will solve this problem as provider can looks resources using it.