Standard for identifying tenants in a multi-tenant deployment

Registered by Ziad Sawalha

As a cloud computing platform, OpenStack must support the concept of multi-tenancy. A common approach to organizing resources by 'tenant' across services is needed to correlate usage tracking, auditing, authorization, and so on. Within each multi-tenant service, the ability to identify each tenant's resources (for reasons such as security, accounting, and isolation) is also key. However, the definition of a 'tenant' will vary by operator and by deployment. This blueprint therefore proposes creating a lightweight standard for service developers to implement tenancy and resource grouping without a priori knowledge of the billing and accounting processes specific to the operator of an OpenStack deployment.

Blueprint information

Status: Complete
Approver: Rick Clark
Priority: Medium
Drafter: Ziad Sawalha
Direction: Approved
Assignee: Monsyne Dragon
Definition: Approved
Series goal: Accepted for cactus
Implementation: Implemented
Milestone target: None
Started by: Monsyne Dragon
Completed by: Thierry Carrez

Whiteboard

A similar blueprint has been submitted to Swift as well.

Implementation tasks:
I will be implementing this using the existing project name as the account name.

Tasks:
1: Allow project (account) name to be passed in OpenStack API requests (currently it's hardcoded to the FLAGS.default_project) as part of the URL. (done)

2: Have builtin nova authc include appropriate account_name in X-Server-Management-Url header url. (done)

3: Fix project/network relationship to work properly for flat network model (as well as others)

4: Add Account/User admin API methods. (CRUD + Add user to account)
