Imagine someone has a project called Foo and deploys it in a few DCs in the US. Then someone in Germany creates a project called Foo and deploys it in a few DCs in Europe. Then suddenly both project owners realize they need to go international and try to deploy in the other geography.
Now so long as the names of the individual resources are different then it won't matter because our DNS names contain both project name and resource name. But if the resource names are the same (and this is HIGHLY likely in the case of KeyVault because we create and name a default KeyVault and we give it the same name in all projects) then we will have collisions.
So ideally we would have some kind of global registry where people can grab project names and thus let other people know they should use a different project name.
Note that this is only to handle good people trying to follow the rules.
If someone wants to maliciously grab names they know another developer will use in their deployments then currently there isn't anything we can do to stop this in Azure. Short of switching all names to cryptographically secure GUIDs we just can't solve it. So if malicious behavior becomes a problem then we will have to go for help to Azure.
In thinking through this problem one approach we are thinking about is a "lock token". Imagine if during Init we try to create some free resource (an Azure function? An empty storage account?) in a single DC. Everyone, everywhere using Sleeve would always try to create the resource in the same DC. That resource's name would be the selected project name. If the resource can't be created then we know someone else is using it and we have to pick a different name.
yaronyg changed the title from "Add 5 randomly generated DNS safe characters to the resource group name" to "How do we prevent accidental collisions of project names?" on Sep 12, 2017
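The "lock token" check proposed in the issue, sketched as an added example that is not part of the original post and not Sleeve's code. An in-memory `LockNamespace` stands in for the free resource created in the single DC; `LockNamespace`, `NameTaken`, `normalize`, `claim_project_name` and the owner strings are hypothetical names.

```python
import re

# Constructed stand-in: one namespace in one DC that every Init uses.
# A real deployment would create a free cloud resource there instead.
DNS_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


class NameTaken(Exception):
    """Another owner already holds the lock token for this project name."""


class LockNamespace:
    """In-memory model of the single-DC namespace that holds lock tokens."""

    def __init__(self):
        self._owners = {}

    def create(self, name, owner):
        # setdefault is create-if-absent in one step; the real resource
        # creation call must be equally atomic or two Inits can both win.
        holder = self._owners.setdefault(name, owner)
        if holder != owner:
            raise NameTaken(name)


def normalize(project_name):
    # DNS compares names case-insensitively, so "Foo" and "foo" must map
    # to the same lock token.
    label = project_name.strip().lower()
    if not DNS_LABEL.fullmatch(label):
        raise ValueError(f"not a DNS-safe project name: {project_name!r}")
    return label


def claim_project_name(namespace, project_name, owner):
    """Run at Init: returns the claimed label or raises NameTaken."""
    label = normalize(project_name)
    namespace.create(label, owner)  # re-running Init as the same owner is a no-op
    return label


if __name__ == "__main__":
    ns = LockNamespace()  # constructed sample owners below
    print(claim_project_name(ns, "Foo", "us-team"))   # first claim succeeds
    print(claim_project_name(ns, "Foo", "us-team"))   # idempotent re-Init
    try:
        claim_project_name(ns, "foo", "de-team")      # same name, other owner
    except NameTaken as exc:
        print("taken:", exc)
```

The claim is first-come, first-served, so it only covers the accidental collisions the issue is about; it cannot tell a legitimate first claimant from someone registering a name early.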