[openstack-dev] V3 credentials API

Dolph Mathews dolph.mathews at gmail.com
Fri Jan 11 22:18:45 UTC 2013


As Guang pointed out, valid types are really a contract between our
consumers, and the API spec can't possibly define an exhaustive list for
the implementation to validate against.

However, this could simply be configurable per deployment, e.g.:

  valid_credential_types = ec2,cert

and then (excuse the pseudocode):

  assert credential.type in CONF.valid_credential_types.split(',')

-Dolph


On Thu, Jan 10, 2013 at 11:44 PM, Yee, Guang <guang.yee at hp.com> wrote:

> The spec also mentioned
>
> “A specific implementation may determine the list of supported types.”
>
> I think Haneef is coming from the interoperability angle. I am guessing
> other types will be treated as extensions once the (xml/json) schema is
> solidified?
>
> Since project_id is optional, if you want a credential that works across
> all projects, then don’t set the project_id. Problem would be if you have
> one of those and one that is tied to the project, which one to choose?
> Probably want the one that is tied to the project first.
>
> Guang
>
> *From:* Dolph Mathews [mailto:dolph.mathews at gmail.com]
> *Sent:* Thursday, January 10, 2013 2:20 PM
> *To:* OpenStack Development Mailing List
> *Subject:* Re: [openstack-dev] V3 credentials API
>
> Credentials are described in the v3 spec[1] and it was specifically
> designed to make the existing 'ec2' credential storage more generic (so to
> answer your question: yes, credentials are valid only for that
> tenant).
>
> [1]:
> https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/markdown/identity-api-v3.md#credentials-v3credentials
>
> -Dolph
>
> On Thu, Jan 10, 2013 at 3:29 PM, Ali, Haneef <haneef.ali at hp.com> wrote:
>
> Hi,
>
> In V3 api credentials is associated with projectId. What is the use case
> for it? Does this mean a user can access that tenant using only that
> credentials or that credentials is valid only for that tenant?
>
> Also credentials has a “type” attribute. It will be useful if keystone
> defines some standard credential types. e.g. It will cause confusion if
> one user creates ‘ec2’ credential with type “ec2” and another one
> creates with type “AmazonEC2”.
>
> Thanks
>
> Haneef
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
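
Added example, not part of the original thread and not Keystone's own code: a Python version of the per-deployment type allowlist from Dolph's reply, combined with the project-tied-first selection Guang suggests. The `Credential` class, the function names and the sample values are hypothetical, and type matching is assumed to be exact and case-sensitive.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Set


class InvalidCredentialType(ValueError):
    """Raised when a credential type is not allowed in this deployment."""


@dataclass(frozen=True)
class Credential:  # hypothetical model, not Keystone's
    user_id: str
    type: str
    blob: str
    project_id: Optional[str] = None  # None: not tied to any one project


def parse_valid_types(raw: str) -> Set[str]:
    """Turn 'ec2, cert' into {'ec2', 'cert'}, ignoring blanks and padding."""
    return {item.strip() for item in raw.split(",") if item.strip()}


def validate_type(cred: Credential, valid_types: Set[str]) -> None:
    # Raise explicitly: a bare assert is compiled out under `python -O`,
    # which would silently disable the check.
    if cred.type not in valid_types:
        raise InvalidCredentialType(
            f"{cred.type!r} not in {sorted(valid_types)}")


def select_credential(creds: Iterable[Credential], user_id: str,
                      cred_type: str, project_id: str) -> Optional[Credential]:
    """Return the credential tied to project_id, else an unscoped one."""
    fallback = None
    for cred in creds:
        if cred.user_id != user_id or cred.type != cred_type:
            continue
        if cred.project_id == project_id:
            return cred          # project-tied match wins
        if cred.project_id is None and fallback is None:
            fallback = cred      # usable across projects, lower priority
    return fallback


# Constructed sample data, not taken from a real deployment.
VALID_TYPES = parse_valid_types("ec2, cert")
STORE = [
    Credential("u1", "ec2", "constructed-unscoped-blob"),
    Credential("u1", "ec2", "constructed-project-blob", project_id="p1"),
]
```

With this allowlist a credential of type "AmazonEC2" is rejected at creation time, so the two spellings Haneef mentions cannot coexist in one deployment.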