<div dir="ltr">As Guang pointed out, valid types are really a contract between our consumers, and the API spec can't possibly define an exhaustive list for the implementation to validate against.<div><br></div><div>However, this could simply be configurable per deployment, e.g.:<div>
<br></div><div style> valid_credential_types = ec2,cert</div><div style><br></div><div style>and then (excuse the pseudocode):</div><div style><br></div><div style> assert credential.type in CONF.valid_credential_types.split(',')</div>
<div><div class="gmail_extra"><div><div><br></div>-Dolph</div>
<br><br><div class="gmail_quote">On Thu, Jan 10, 2013 at 11:44 PM, Yee, Guang <span dir="ltr"><<a href="mailto:guang.yee@hp.com" target="_blank">guang.yee@hp.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">The spec also mentioned<u></u><u></u></span></p><p class="MsoNormal">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">“</span><span style="font-size:9.5pt;font-family:"Helvetica","sans-serif";color:#333333;background:white">A specific implementation may determine the list of supported types.”<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Helvetica","sans-serif";color:#333333;background:white"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I think Haneef is coming from the interoperability angle. I am guessing other types will be treated as extensions once the (xml/json) schema is solidify?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Since project_id is optional, if you want a credential that works across all projects, then don’t set the project_id. Problem would be if you have one of those and one that is tight to the project, which one to choose? Probably want the one that is tight to the project first.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Guang<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Dolph Mathews [mailto:<a href="mailto:dolph.mathews@gmail.com" target="_blank">dolph.mathews@gmail.com</a>] <br>
<b>Sent:</b> Thursday, January 10, 2013 2:20 PM<br><b>To:</b> OpenStack Development Mailing List<br><b>Subject:</b> Re: [openstack-dev] V3 credentials API<u></u><u></u></span></p></div><div><div class="h5"><p class="MsoNormal">
<u></u> <u></u></p><div><p class="MsoNormal">Credentials are described in the v3 spec[1] and it was specifically designed to make the existing 'ec2' credential storage more generic (so to answer your question: yes, <span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#500050">credentials are only valid only for that tenant)</span>.<u></u><u></u></p>
<div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">[1]: <a href="https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/markdown/identity-api-v3.md#credentials-v3credentials" target="_blank">https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/markdown/identity-api-v3.md#credentials-v3credentials</a><u></u><u></u></p>
</div></div><div><p class="MsoNormal"><br clear="all"><u></u><u></u></p><div><div><p class="MsoNormal"><u></u> <u></u></p></div><p class="MsoNormal">-Dolph<u></u><u></u></p></div><p class="MsoNormal" style="margin-bottom:12.0pt">
<u></u> <u></u></p><div><p class="MsoNormal">On Thu, Jan 10, 2013 at 3:29 PM, Ali, Haneef <<a href="mailto:haneef.ali@hp.com" target="_blank">haneef.ali@hp.com</a>> wrote:<u></u><u></u></p><div><div><p class="MsoNormal">
Hi,<u></u><u></u></p><p class="MsoNormal"> <u></u><u></u></p><p class="MsoNormal">In V3 api credentials is associated with projectId. What is the use case for it? Does this mean a user can access that tenant using only that credentials or that credentials is valid only for that tenant?<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p><p class="MsoNormal">Also credentials has a “type” attribute. It will be useful if keystone defines some standard credential types. e.g It will cause confusion if one user creates ‘ec2” credential with type “ec2” and anointer one creates with type “AmazonEC2”.<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p><p class="MsoNormal"> <u></u><u></u></p><p class="MsoNormal">Thanks<u></u><u></u></p><p class="MsoNormal"><span style="color:#888888">Haneef<u></u><u></u></span></p></div></div><p class="MsoNormal" style="margin-bottom:12.0pt">
<br>_______________________________________________<br>OpenStack-dev mailing list<br><a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><u></u><u></u></p>
</div><p class="MsoNormal"><u></u> <u></u></p></div></div></div></div></div><br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div></div></div></div>