[Openstack] Keystone "Why does it? What does?" questions

Joseph Heck heckj at me.com
Tue Oct 25 19:05:15 UTC 2011


I've just dropped in place a bunch of developer documentation (RST) for Keystone - one in, one pending (https://review.openstack.org/#change,1089). Making these docs brought up a number of questions that I wasn't able to answer. I want to put more context around the commands and concepts for the reader prior to updating the docbook documentation. Joe Savak suggested on IRC that I just drop them out here to the list, so here goes:

If any of these are "just bugs", let me know and I'll file them.

Q: Why is an administrative service token bound to a tenant?
Right now, using keystone-manage to create an administrative service token, the token which in turn is configured into nova, swift, glance, and dashboard, requires a tenant - but as I understand tenants, that doesn't make sense, as the various services all serve more than one tenant.

Q: How do you remove a service?

Q: How do you remove an EndpointTemplate?

Q: What's the purpose of a "role" prior to RBAC?
Is it really just relevant for the Keystone administrative API, but more coming online later with the RBAC work? Does any role-based link between a user and a tenant allow that user to get a scoped token for that tenant?

Q: How do you remove a role?

Q: What does the keystone-manage command "credential add" do? There's also no corresponding delete or disable - is this password update for the passwords that are set on "keystone-manage user add"? If not, how are those passwords updated?

Q: What are "type" and "key" as related to the "credential add" command, and what are they intended to do?

Q: Why isn't there a "user delete" and a "tenant delete"? Is this a "just haven't gotten to it yet" bug?

-joe