[openstack-dev] [all] making project_id optional in API URLs

Adam Young ayoung at redhat.com
Tue Dec 8 22:59:53 UTC 2015


On 12/08/2015 05:55 PM, michael mccune wrote:
> On 12/03/2015 12:06 PM, Sean Dague wrote:
>> So, for Cinder, Glance, Ironic, Manila, Magnum (and others I might have
>> missed) where are you standing on this one? And are there volunteers in
>> those projects to help move this forward?
>
> i'm +1 for removing the project_id from the url.


I think it is kindof irrelevant.  It can be there or not be there in the 
URL itself, so long as it does not show up in the service catalog. From 
an policy standpoint, having the project in the URL means that you can 
do an access control check without fetching the object from the 
database; you should, however, confirm that the object return belongs to 
the project at a later point.

>
> sahara uses it in the url for the v1 and v1.1 apis, but we are 
> planning to remove it for the v2 api[1].
>
> mike
>
> [1]: https://review.openstack.org/#/c/212172/
>
>
> __________________________________________________________________________ 
>
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: 
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




More information about the OpenStack-dev mailing list