OpenStack Identity (keystone)

Unified SQL table for role assignments

Registered by Dolph Mathews on 2013-12-12

As discussed at the Icehouse summit [1], we desperately need to merge the various role assignment tables into a single table that can be queried more efficiently for the data we actually need, such as... roles!

Roles are currently persisted as JSON in a metadata column, and assignments are spread across 4 different tables (user-project, group-project, user-domain, group-domain). These four tables should be migrated to one unified table described here [2].

[1]: http://icehousedesignsummit.sched.org/event/314ae26f7fe2aca434d58f859e063ed6
[2]: https://etherpad.openstack.org/p/icehouse-assignments

Blueprint information

Status:: Complete

Approver:: None

Priority:: Medium

Drafter:: None

Direction:: Needs approval

Assignee:: Henry Nash

Definition:: Approved

Series goal:: Accepted for icehouse

Implementation:: Implemented

Milestone target:: 2014.1

Started by: Henry Nash on 2014-02-05

Completed by: Dolph Mathews on 2014-02-20

Related branches

Related bugs

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/role-assignments-unified-sql,n,z

Addressed by: https://review.openstack.org/71159 (merged)
Rationalize the Assignment Grant Tables

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information

Everyone can see this information.

Subscribers

Henry Nash