Adding Portable Identifiers to Entities

Registered by Ziad Sawalha

For entities like roles to be remain relevant across deployments, they need an identifier that remains the same in all deployments.

Use Case #1: the nova role of cloud_admin should have an identifier that can be referenced in all deployments of OpenStack. This will be needed for federation, where a query may be forwarded to a remote system; a query such as "Does this user have the cloud_admin role?"

Use Case #2: a bunch of VMs are moved from one cloud to another. The UUID may change, but there should be an identifier that get ported over with the VMs so they can still be uniquely identified.

For E2 it will be for users and tenants.

Blueprint information

Ziad Sawalha
Ziad Sawalha
Dolph Mathews
Series goal:
Accepted for essex
Milestone target:
milestone icon 2012.1
Started by
Joe Savak
Completed by
Ziad Sawalha

Related branches



Acceptance criteria:
    DB schema to add new UID columns as string to tenants, roles, users
    By default UID is set to UUID if not set.
    UID can be used in the restful services. UID returned back (integer not available through the API). Called ID in the API
    Manual SQLLite Migration script for Cactus Nova to Diablo Keystone created (dump and import)
    Manual SQLLite Migration script for Cactus Nova to Essex Keystone created (dump and import)
    Updates to the crud code to default the UID if a UID is not sent. UID = UUID by default.
    Tests created against null ids, and sending in UIDs
    Documentation on the difference between ID and UID.
    Update XSDs and WADLs if applicable.

Adding a 'uid' attribute (unique identifier) to the models listed below allows `name` attributes to become non-unique "display names" (if desired).

- users
- tenants
- roles
- endpointtemplates

This attribute would then allow for multiple migrations paths to catch up to essex and to satisfy this blueprint:

- cactus deployments can populate their new 'uid' column with existing, unique 'name' values (strings).
- diablo deployments can populate their new 'uid' column with existing, unique 'id' values (auto-incremented integers).
- Going forward, essex deployments will populate the 'uid' column with uuid's, providing portability.

This `uid` attribute would be exposed through the API as the `id` attribute of the corresponding resource. Based on the rules above, existing users of either cactus or diablo deployments would remain unaffected.

Additionally, `uid` values should be guaranteed to be url-friendly (e.g. not require additional URL encoding/decoding). In other words, `uid == urlencode(uid)`. While the current backend-managed identifiers (integers) satisfy this issue, data imported from cactus deployments may not.

Gerrit topic:,topic:bp/portable-identifiers,n,z

Addressed by:
    Implemented bp portable-identifiers for tenants

Addressed by:
    Exposes tenant UID's (bp portable-identifiers)

Gerrit topic:,topic:bug/885426,n,z

Addressed by:
    Migrated 'enabled' int columns to bool for postgres (bug 885426)


Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.