OpenStack Identity (keystone)

Make it possible to disable the storing of SQL extra attributes

Registered by Henry Nash on 2015-01-31

Our SQL drivers have for a long time supported clients piggybacking on our formal entity attributes by just including extra attributes in the API call (e.g. POST) - which we then store in the 'extras' column. While this is used by a number of customers, it's a practice we don't want to encourage. Moreover, allowing this could mean that cloud providers are unintentionally storing PII information if the client includes such attributes in their API calls. We should provide a config option to disable the storing of extra attributes (which, for now, would be set to enabled for backward compatibility)

Blueprint information

Status:: Complete

Approver:: None

Priority:: Low

Drafter:: Henry Nash

Direction:: Approved

Assignee:: Henry Nash

Definition:: Superseded

Series goal:: None

Implementation:: Not started

Milestone target:: None

Completed by: Henry Nash on 2015-07-21

Related branches

Related bugs

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/extra-optional,n,z

Addressed by: https://review.openstack.org/151939
Provide option to disable storing of extra attributes in SQL

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.