[Openstack] Keystone API question
Luis Gervaso
luis at woorea.es
Thu May 3 23:27:18 UTC 2012
>From admin port I want to list the tenants a user (different from the
current user) belongs to.
On Fri, May 4, 2012 at 1:24 AM, Gabriel Hurley <Gabriel.Hurley at nebula.com>wrote:
> On the keystone admin port the tenants call will list all tenants
> (provided the token corresponds to a user who has admin privileges).****
>
> ** **
>
> **- **Gabriel****
>
> ** **
>
> *From:* openstack-bounces+gabriel.hurley=nebula.com at lists.launchpad.net[mailto:
> openstack-bounces+gabriel.hurley=nebula.com at lists.launchpad.net] *On
> Behalf Of *Luis Gervaso
> *Sent:* Thursday, May 03, 2012 1:24 PM
> *To:* Everett Toews
> *Cc:* openstack at lists.launchpad.net
> *Subject:* Re: [Openstack] Keystone API question****
>
> ** **
>
> Yes, this is the real issue.****
>
> ** **
>
> Since /tenants is only valid for the current user (that's X-Auth-Token
> dependant)****
>
> ** **
>
> How can an administrator user list all the tenants a user belongs to?****
>
> ** **
>
> Another issue i've detected is that endpoints are always dependant on a
> service,****
>
> may be i'm wrong but for me:****
>
> ** **
>
> /service/{service_id}/endpoints****
>
> ** **
>
> is more appropiate than****
>
> ** **
>
> /endpoints****
>
> ** **
>
> Dolph, please correct me****
>
> ** **
>
> Luis****
>
> ** **
>
> ** **
>
> On Thu, May 3, 2012 at 10:12 PM, Everett Toews <everett.toews at cybera.ca>
> wrote:****
>
> I get the same as Luis when trying GET /users/{user_id}/roles on
> stable/essex (using devstack). Keystone spits back an****
>
> ** **
>
> AttributeError: 'UserController' object has no attribute 'get_user_roles'*
> ***
>
> ** **
>
> message instead of a nice 501.****
>
> ** **
>
> GET /tenants/{tenant_id}/users/{user_id}/roles works fine. For a bit more
> detail have a look at****
>
> ** **
>
>
> http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_listRolesForUserOnTenant_v2.0_tenants__tenantId__users__user_id__roles_Admin_API_Service_Developer_Operations-d1e1356.html
> ****
>
> ** **
>
> Everett****
>
> ** **
>
> On Thu, May 3, 2012 at 9:34 AM, Dolph Mathews <dolph.mathews at gmail.com>
> wrote:****
>
> The philosophy in essex is that it's meaningless for a user to have a role
> without that role being applied to a tenant, so the call that's implemented
> is:****
>
> ** **
>
> GET /tenants/{tenant_id}/users/{user_id}/roles****
>
> ** **
>
> Calling this instead should get you an HTTP 501 stating "User roles not
> supported: tenant ID required".****
>
> ** **
>
> GET /users/{user_id}/roles****
>
> ** **
>
> Also, the term "roleRefs" was deprecated late in the diablo cycle (AFAIK)
> in favor of "roles".****
>
> ** **
>
> -Dolph****
>
> ** **
>
> On Wed, May 2, 2012 at 3:44 PM, Luis Gervaso <luis at woorea.es> wrote:****
>
> Hi,****
>
> ** **
>
> In Diablo was:****
>
> ** **
>
> GET /users/{user_id}/roleRefs
> ****
>
> ** **
>
> In Essex it is maintained for compatibility reasons. I understand that
> this is the obsolete now.****
>
> ** **
>
> I can find:****
>
> ** **
>
> PUT & DELETE /users/{user_id}/roles/OS-KSADM/{role_id}****
>
> ** **
>
> How can get all the roles having a user_id?****
>
> ** **
>
> GET /users/{user_id}/roles (i can't find this on stable/essex)****
>
> ** **
>
> Returning role list with tenant associated****
>
> ** **
>
> Another option that would work for me is:****
>
> ** **
>
> GET /users/{user_id}/tenants****
>
> ** **
>
> Returning tenant list with role list associated per tenant****
>
> ** **
>
> ** **
>
> When i GET /user/{user_id} i obtain only this info****
>
> ** **
>
> {"user": {"name": "admin", "enabled": true, "email": "admin at example.com",
> "id": "ef1e63df85b641d7bf3c575bb8670cef", "tenantId": null}}
> ****
>
> ** **
>
> Regards****
>
> ** **
>
> --
> -------------------------------------------
> Luis Alberto Gervaso Martin****
>
> Woorea Solutions, S.L
> CEO & CTO
> mobile: (+34) 627983344
> luis@ <luis.gervaso at gmail.com>woorea.es****
>
> ** **
>
> ** **
>
> ** **
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp****
>
> ** **
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp****
>
> ** **
>
>
>
> ****
>
> ** **
>
> --
> -------------------------------------------
> Luis Alberto Gervaso Martin****
>
> Woorea Solutions, S.L
> CEO & CTO
> mobile: (+34) 627983344
> luis@ <luis.gervaso at gmail.com>woorea.es****
>
> ** **
>
--
-------------------------------------------
Luis Alberto Gervaso Martin
Woorea Solutions, S.L
CEO & CTO
mobile: (+34) 627983344
luis@ <luis.gervaso at gmail.com>woorea.es
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120504/b78db248/attachment.html>
More information about the Openstack
mailing list