Use keystone uuid with cloud id
ref: https://storyboard.openstack.org/#!/story/135 Use Endpoint ID as a unique identifier for clouds in refstack test uploads. Change-Id: I363531ccfbffc5ba76a7d95de6648ff2dd75a95d
This commit is contained in:
Rob Hirschfeld
parent
d2d47f80a4
commit
206e6a0e10
145
specs/proposed/refstack-org-api-cloud-uuid.rst
Normal file
145
specs/proposed/refstack-org-api-cloud-uuid.rst
Normal file
@ -0,0 +1,145 @@
|
|||||||
|
==========================================
|
||||||
|
Test Submission API should use Target Identity Endpoint UUID
|
||||||
|
==========================================
|
||||||
|
|
||||||
|
story: "Use keystone uuid with cloud id"
|
||||||
|
ref: https://storyboard.openstack.org/#!/story/135
|
||||||
|
|
||||||
|
|
||||||
|
In order to ensure that multiple test runs are attributed to the same cloud,
|
||||||
|
test runner needs to use a consistent, discoverable and unique identifier
|
||||||
|
for each cloud test. This allows multiple users to correlate results from
|
||||||
|
the same cloud.
|
||||||
|
|
||||||
|
Problem description
|
||||||
|
===================
|
||||||
|
|
||||||
|
Refstack is designed to have minimal user security and configuration overhead;
|
||||||
|
consequently, there are no mechanisms in the short term to ensure that a user's
|
||||||
|
test results are authorized (see note). To create valid results, refstack needs a way to
|
||||||
|
know when multiple runs are against the same targets so that comparisons are valid.
|
||||||
|
|
||||||
|
> Note: In the future, Refstack will include user authentication. At that point
|
||||||
|
it will be possible to associate uploaded data to users and vendors in an
|
||||||
|
authoritative way.
|
||||||
|
|
||||||
|
To solve this problem, refstack needs a unique handle for each cloud tested
|
||||||
|
that is unique and also discoverable to the test runner.
|
||||||
|
|
||||||
|
Some requirements:
|
||||||
|
|
||||||
|
* No round trips to refstack before a test is submitted (do not pre-create cloud)
|
||||||
|
* Minimal trust of users (do not require user credentials for uploads)
|
||||||
|
* Users should not be expected to remember cloud IDs
|
||||||
|
* Multiple users of same cloud should be tracked together
|
||||||
|
|
||||||
|
Proposed change
|
||||||
|
===============
|
||||||
|
|
||||||
|
When test runner submits results, it should submit with the Identity Endpoint
|
||||||
|
UUID (aka Keystone end point under serviceCatalog/service["identity"]/endpoint[?id]).
|
||||||
|
|
||||||
|
The refstack API should accept EITHER the user's created refstack cloud ID or the
|
||||||
|
discovered Endpoint UUID. If the refstack cloud ID is passed and no cloud
|
||||||
|
exists then refstack should create a new refstack cloud.
|
||||||
|
|
||||||
|
Alternatives
|
||||||
|
------------
|
||||||
|
|
||||||
|
Refstack could use a different endpoint for the ID
|
||||||
|
|
||||||
|
Refstack could stop using its own cloud ID and only use endpoint IDs
|
||||||
|
|
||||||
|
Possible addition: we may want to also track the cloud endpoint URL. This
|
||||||
|
could be a possible added field for the JSON upload. While this will
|
||||||
|
help identify clouds, it could also reveal more information than the
|
||||||
|
user wants disclosed. We should only implement this with user permission.
|
||||||
|
|
||||||
|
Data model impact
|
||||||
|
-----------------
|
||||||
|
|
||||||
|
We have to add the endpoint ID as a field into the Cloud model.
|
||||||
|
|
||||||
|
REST API impact
|
||||||
|
---------------
|
||||||
|
|
||||||
|
The Test Upload API needs to be modified to accept either the Test ID or the
|
||||||
|
endpoint UUID. If the endpoint UUID is not in the URL then it should be included
|
||||||
|
in the JSON payload.
|
||||||
|
|
||||||
|
Security impact
|
||||||
|
---------------
|
||||||
|
|
||||||
|
Improvement: this helps reduce the need of passing refstack authentication to ensure
|
||||||
|
that cloud results are linked to individual clouds or users.
|
||||||
|
|
||||||
|
|
||||||
|
Notifications impact
|
||||||
|
--------------------
|
||||||
|
|
||||||
|
None.
|
||||||
|
|
||||||
|
Other end user impact
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
Users will not have to pre-create clouds before using
|
||||||
|
refstack.
|
||||||
|
|
||||||
|
Users will have to be able to assign clouds to endpoint UUIDs.
|
||||||
|
|
||||||
|
Performance Impact
|
||||||
|
------------------
|
||||||
|
|
||||||
|
Should improve performance because round trips on result
|
||||||
|
uploads are avoided.
|
||||||
|
|
||||||
|
Other deployer impact
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
None.
|
||||||
|
|
||||||
|
Developer impact
|
||||||
|
----------------
|
||||||
|
|
||||||
|
Should simplify developer work.
|
||||||
|
|
||||||
|
Implementation
|
||||||
|
==============
|
||||||
|
|
||||||
|
Assignee(s)
|
||||||
|
-----------
|
||||||
|
|
||||||
|
TBD
|
||||||
|
|
||||||
|
Work Items
|
||||||
|
----------
|
||||||
|
|
||||||
|
* determine forumula for endpoint UUID (if any needed)
|
||||||
|
* get and add cloud epid to results upload
|
||||||
|
* add cloud epid to model
|
||||||
|
* update api to response correctly for epid lookup
|
||||||
|
|
||||||
|
Dependencies
|
||||||
|
============
|
||||||
|
|
||||||
|
API v1 spec.
|
||||||
|
|
||||||
|
Testing
|
||||||
|
=======
|
||||||
|
|
||||||
|
We need to validate the endpoint IDs correctly resolve to clouds.
|
||||||
|
|
||||||
|
Documentation Impact
|
||||||
|
====================
|
||||||
|
|
||||||
|
We should explain how clouds are identified in the documentation so that
|
||||||
|
users will understand the impact of re-installing and how to keep results
|
||||||
|
together even if the cloud changes.
|
||||||
|
|
||||||
|
We will also have to explain how to associate results to a user managed
|
||||||
|
cloud.
|
||||||
|
|
||||||
|
References
|
||||||
|
==========
|
||||||
|
|
||||||
|
https://storyboard.openstack.org/#!/story/135
|
||||||
Loading…
Reference in New Issue
Block a user