[Openstack] Keystone: is revoke token API "officially" supported

Jorge Williams jorge.williams at rackspace.com
Thu Jan 26 23:45:42 UTC 2012


Okay just to make things clear...

Totally agree with everything you said.  I don't think we should just put the functionality in core.  The safest thing to do is to put it in a separate extension rather than modifying the existing management extension.   The safest thing to do is also to move the functionality to a separate URI space as well.  If you do all of this you will have no chance of breaking clients or of running into future conflicts.

I'm glad to see you protecting the contract :-)

Having said all of that.  This *particular* change is not likely to break folks because it introduces new functionality rather than changing existing functionality and I don't think that conflicts with DELETE token are very likely.

-jOrGe W.


On Jan 26, 2012, at 5:29 PM, Ziad Sawalha wrote:

A) It sounds like you're making an assumption about what the type of client is. Some clients use WADL to generate stubs or validate contracts. Consider clients like JAX-RS/CXF clients? If you change the WADL, you've changed the contract. Like I said, I think this would be an edge case, but a key reason we offer API contracts is to allow for predictability from the client side. You break that if you change the contract.

B) No, the HTTP call would not change. An alternative would be for us to add this to OS-KSVALIDATE which we just shipped. The call would then be:

DELETE /OS-KSVALIDATE/token
X-Auth-Token: …
X-Subject-Token: {token_id}


From: Dolph Mathews <dolph.mathews at gmail.com>
Date: Thu, 26 Jan 2012 17:17:12 -0600
To: Ziad Sawalha <ziad.sawalha at rackspace.com>
Cc: Jorge Williams <jorge.williams at rackspace.com>, Dolph Mathews <dolph.mathews at gmail.com>, "Yee, Guang" <guang.yee at hp.com>, "openstack at lists.launchpad.net" <openstack at lists.launchpad.net>
Subject: Re: [Openstack] Keystone: is revoke token API "officially" supported

A) This wasn't documented at all (AFAIK), so there's no concern of breaking contracts.

B) Even if it's moved to an extension, would the call change from its current form?:

    DELETE /tokens/{token_id}

I'm not sure what the extension convention is here.

-Dolph Mathews

On Jan 26, 2012, at 4:39 PM, Ziad Sawalha <ziad.sawalha at rackspace.com> wrote:

If a client has bound to the contract XSD, they will break if we add this, won't they?

But… I don't know how many clients would have bound to the OS-KSADM contracts. We've been diligent and strict about not changing the core contract, but this is the first time we've been presented with a change to an extension like this.

I'd still lean towards the "correct" practice of adding this as another extension. Especially since that extension would only be adding a new method on an existing resource, so would not require complex naming changes…

Open to alternative points of view..

Z


From: Jorge Williams <jorge.williams at rackspace.com>
Date: Thu, 26 Jan 2012 13:36:13 -0600
To: Dolph Mathews <dolph.mathews at gmail.com>
Cc: "Yee, Guang" <guang.yee at hp.com>, "openstack at lists.launchpad.net" <openstack at lists.launchpad.net>, Ziad Sawalha <ziad.sawalha at rackspace.com>
Subject: Re: [Openstack] Keystone: is revoke token API "officially" supported

Moving it to an extension makes sense to me.  Ziad, does it make sense to add it to OS-KSADM...or is this a different extension altogether...revoke token extension?

-jOrGe W.

On Jan 26, 2012, at 11:43 AM, Dolph Mathews wrote:

It is definitely not a documented call (hence the "should this be removed?" comment in the implementation); if it were to be "promoted" from undocumented to an extension, I imagine it would belong in OS-KSADM.

- Dolph

On Thu, Jan 26, 2012 at 10:51 AM, Yee, Guang <guang.yee at hp.com> wrote:
I see it implemented in the code as

DELETE /v2.0/tokens/{tokenId}

But it doesn’t appear to be documented in any of the WADLs.


Thanks!

Guang


_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack at lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

