Comment 41 for bug 1617918

Hi Jake,

The user/project is really tied to the Keystone approach, and Gnocchi trying to be generic, it's not a good idea to bake those notion deeply into it.

That being said, it does not is a problem to user value+creator as the key here. This is just about encoding the resource id, so it is unique for a creator (user+project in Keystone case). This does not implies who gets access to the resource: the Keystone auth mode still allow access to resources that belongs to a project_id that the user is auth with.

So that means you won't be able to do directly "gnocchi resource show foobar" as user2/project1 if it has been created by user1/project1 because that will be a different UUID. But you will be able to do "gnocchi resource show <uuid-of-foobar-created-by-user1/project1>" as the Keystone auth mode will allow you. It's just a matter of knowing the UUID – which is easily possible by listing or search the resource.

The trade-off of fixing this bug is that: everyone can create a "foobar" resource (it's being translated into an UUID) but it's gonna be unique per creator (which is user+project in Gnocchi).