Open Stack

I've updated the dev guide with your suggestions:
- Section 4.4 explains the GET /tenants call needs to be authenticated and the examples now show passing in the authentication header.
- Section 5.2.1 is new and talks about authenticating for the Admin API and puts in a reference for bootstrapping the system (creating a first administrator). Here, I've left it as a reference to the admin guide which is yet to be developed (jaypipes volunteered to help us create that in RST), but I also refer to the readme which today has instructions for setting up your Keystone instance.

Let me know if that gets you going, Andi.

Regards,
Ziad


From: Ziad Sawalha <ziad.sawalha at rackspace.com<mailto:ziad.sawalha at rackspace.com>>
Date: Sat, 11 Jun 2011 14:44:12 +0000
To: Andiabes <andi.abes at gmail.com<mailto:andi.abes at gmail.com>>
Cc: "openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>" <openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>>
Subject: Re: [Openstack] OpenStack Identity: Keystone API Proposal

Your guess is correct. The only calls you should be able to make without having a token are the calls to discover the service (getting version info, WADL contract, dev guide, help, etc…) and to get a token. After that, all other calls require passing in a token.

On the Admin APIs, the token passed in must have the necessary administrative privileges.

To bootstrap Keystone with a blank identity store, you can execute bin/keystone-manage to create your initial administrative identity(ies).

If you use the sample data creation script provided, it will create an admin user (and create a token for that user) which you can use.

We'll clarify that in the dev guide.

Thanks Andi

Ziad

From: Andiabes <andi.abes at gmail.com<mailto:andi.abes at gmail.com>>
Date: Fri, 10 Jun 2011 21:08:18 -0400
To: Ziad Sawalha <ziad.sawalha at rackspace.com<mailto:ziad.sawalha at rackspace.com>>
Cc: "openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>" <openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>>
Subject: Re: [Openstack] OpenStack Identity: Keystone API Proposal

It might be useful to include in the API guide some information about authentication to keystone itself. I.e when requesting a list of users,tenants etc the requestor should somehow authenticate itself
I'm guessing that the flow involve acquiring a token that authenticates the user to keystone as a user who has privileges to manage the relevant entities.?

Sent from my iPad

On Jun 10, 2011, at 7:24 PM, Ziad Sawalha <ziad.sawalha at rackspace.com<mailto:ziad.sawalha at rackspace.com>> wrote:

Time flies! It's June 10th already. In my last email to this community I had proposed today as the day to lock down the Keystone API so we can finalize implementation by Diablo-D2 (June 30th).

We've been working on this feverishly over the past couple of weeks and have just pushed out a proposed API here:<https://github.com/rackspace/keystone/raw/master/keystone/content/identitydevguide.pdf>https://github.com/rackspace/keystone/raw/master/keystone/content/identitydevguide.pdf

For any and all interested, the original source and code is on Github (<https://github.com/rackspace/keystone/raw/master/keystone/content/identitydevguide.pdf>https://github.com/rackspace/keystone), along with the current implementation of Keystone, examples, sample data, tests, instructions, and all the goodies we could muster to put together. The project also lives on Launchpad at <http://launchpad.net/keystone> http://launchpad.net/keystone.

The API we just put out there is still a proposal. We're going to be focusing on the implementation, but would still love to get community input, feedback, and participation.

Have a great weekend and regards to all,

Ziad





Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse at rackspace.com<mailto:abuse at rackspace.com>, and delete the original message.
Your cooperation is appreciated.


_______________________________________________
Mailing list: <https://launchpad.net/~openstack> https://launchpad.net/~openstack
Post to     : <mailto:openstack at lists.launchpad.net> openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net>
Unsubscribe : <https://launchpad.net/~openstack> https://launchpad.net/~openstack
More help   : <https://help.launchpad.net/ListHelp> https://help.launchpad.net/ListHelp

Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse at rackspace.com<mailto:abuse at rackspace.com>, and delete the original message.
Your cooperation is appreciated.


_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack at lists.launchpad.net<mailto:openstack at lists.launchpad.net> Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp


Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse at rackspace.com, and delete the original message.
Your cooperation is appreciated.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20110611/54d0bc4a/attachment.html>