[Openstack] [Keystone] How to restrict the returned service endpoints to client ?

Miller, Mark M (EB SW Cloud - R&D - Corvallis) mark.m.miller at hp.com
Wed Aug 14 16:03:28 UTC 2013

Yes there is. Refer the endpoint section of the Identity v3 documentation: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3.md


From: Kuo Hugo [mailto:tonytkdk at gmail.com]
Sent: Wednesday, August 14, 2013 1:37 AM
To: openstack at lists.openstack.org
Subject: [Openstack] [Keystone] How to restrict the returned service endpoints to client ?

Hi folks,

Is there a way to specify the particular service endpoints been returned to user?

[Scenario 1]
There're Nova / Glance / Swift / Keystone services defined in service table.
Also the relevant endpoints for each service.
Let's say
Tenant: tenant-foo

Is it possible to return only Nova's endpoint in the json to the user foo ? I don't want foo to get other service's endpoint.

[Scenario 2]
There're multiple Swift clusters authenticate users by a single keystone.

Swift clusters:
Let's say
Tenant: tenant-foo

Tenant: tenant-bar

Is there a way to return swift1's endpoint to foo and swift2's endpoint to bar ?
I'm not sure if keystoneI should have two regions of endpoints for each swift cluster or two services.


+Hugo Kuo+
hugo at swiftstack.com<mailto:hugo at swiftstack.com>
tonytkdk at gmail.com
<mailto:tonytkdk at gmail.com>
+886 935004793
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130814/32198e7a/attachment.html>

More information about the Openstack mailing list