Standard for identifying tenants in a multi-tenant deployment
As a cloud computing platform, OpenStack must support the concept of multi-tenancy. A common approach to organizing resources by 'tenant' across services is needed to be able to correlate usage tracking, auditing, authorization, etc... And within each multi-tenant service, the ability to identify each tenant's resources (for various reasons such as security, accounting, isolation, etc…) is also key. However, the definition of a 'tenant' will vary by operator and by deployment. This blueprint therefore proposes creating a lightweight standard for service developers to implement tenancy and resource grouping without a-priori knowledge of billing and accounting processes specific to the operator of an OpenStack deployment.
- Rick Clark
- Ziad Sawalha
- Monsyne Dragon
- Series goal:
- Accepted for cactus
- Milestone target:
- Started by
- Monsyne Dragon on 2011-02-15
- Completed by
- Thierry Carrez on 2011-03-14
A similar blueprint has been submitted to Swift as well.
I will be implementing this using the existing project name as the account name.
1: Allow project (account) name to be passed in Openstack api requests (currrently it's hardcoded to the FLAGS.default_
2: Have builtin nova authc include appropriate account_name in X-Server-
3: Fix project/network relationship to work properly for flat network model (as well as others)
4: Add Account/User admin API methods. (CRUD + Add user to account)
* Blueprints in grey have been implemented.