[openstack-dev] Keystone OS-EP-FILTER descrepancy

Miller, Mark M (EB SW Cloud - R&D - Corvallis) mark.m.miller at hp.com
Tue Oct 8 20:30:27 UTC 2013


Here is the response from Fabio:

Mark,
  Please have a look at the configuration.rst in the contrib/endpoint-filter folder.
I pasted here for your convenience:

==================================
Enabling Endpoint Filter Extension
==================================To enable the endpoint filter extension:
1. add the endpoint filter extension catalog driver to the ``[catalog]`` section
   in ``keystone.conf``. example::

    [catalog]
    driver = keystone.contrib.endpoint_filter.backends.catalog_sql.EndpointFilterCatalog
2. add the ``endpoint_filter_extension`` filter to the ``api_v3`` pipeline in
   ``keystone-paste.ini``. example::

    [pipeline:api_v3]
    pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension endpoint_filter_extension service_v3
3. create the endpoint filter extension tables if using the provided sql backend. example::
    ./bin/keystone-manage db_sync --extension endpoint_filter
4. optional: change ``return_all_endpoints_if_no_filter`` the ``[endpoint_filter]`` section
   in ``keystone.conf`` to return an empty catalog if no associations are made. example::
    [endpoint_filter]
    return_all_endpoints_if_no_filter = False


Steps 1-3 are mandatory. Once you have done the changes restart the keystone-server to apply the changes.

The /v3/auth/tokens?nocatalog is to remove the catalog from the token creation.
It is different from the filtering because it won't return any endpoint in the service catalog. The endpoint filter will return only the ones that you have associated with a particular project.
Please bear in mind that this works only with scoped token (meaning where you pass a project id).






> -----Original Message-----
> From: Miller, Mark M (EB SW Cloud - R&D - Corvallis)
> Sent: Tuesday, October 08, 2013 1:21 PM
> To: OpenStack Development Mailing List
> Subject: [openstack-dev] Keystone OS-EP-FILTER descrepancy
> 
> Hello,
> 
> I am attempting to test the Havana v3  OS-EP-FILTER extension with the
> latest RC1 bits and I get a 404 error response.
> 
> The documentation actually shows 2 different URIs for this API:
> 
> 	- GET /OS-EP-FILTER/projects/{project_id}/endpoints and
> http://identity:35357/v3/OS-FILTER/projects/{project_id}/endpoints
> 
> I have tried both "OS-EP-FILTER" and "OS-FILTER" with the same result. Does
> anyone have information as to what I am missing?
> 
> Regards,
> 
> Mark Miller
> 
> -------------
> 
> From the online documentation:
> 
> List Associations for Project: GET /OS-EP-
> FILTER/projects/{project_id}/endpoints
> 
> Returns all the endpoints that are currently associated with a specific project.
> 
> Response:
> Status: 200 OK
> {
>     "endpoints":
>     [
>         {
>             "id": "--endpoint-id--",
>             "interface": "public",
>             "url": "http://identity:35357/",
>             "region": "north",
>             "links": {
>                 "self": "http://identity:35357/v3/endpoints/--endpoint-id--"
>             },
>             "service_id": "--service-id--"
>         },
>         {
>             "id": "--endpoint-id--",
>             "interface": "internal",
>             "region": "south",
>             "url": "http://identity:35357/",
>             "links": {
>                 "self": "http://identity:35357/v3/endpoints/--endpoint-id--"
>             },
>             "service_id": "--service-id--"
>         }
>     ],
>     "links": {
>         "self": "http://identity:35357/v3/OS-
> FILTER/projects/{project_id}/endpoints",
>         "previous": null,
>         "next": null
>     }
> }
> 
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



More information about the OpenStack-dev mailing list