[Openstack] [Keystone] How to restrict the returned service endpoints to client ?

Kuo Hugo tonytkdk at gmail.com
Wed Aug 14 17:12:14 UTC 2013 

Hi Miller,

Do you mean the enabled (boolean) optional attribute  in this section
Endpoints<https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3.md#endpoints-v3endpoints>
?
If so, that's for disabling a particular endpoint rather than masking an
endpoint for particular user/tenant.

Thanks
Hugo


+Hugo Kuo+
hugo at swiftstack.com
tonytkdk at gmail.com
+886 935004793


2013/8/15 Miller, Mark M (EB SW Cloud - R&D - Corvallis) <
mark.m.miller at hp.com>

>  Yes there is. Refer the endpoint section of the Identity v3
> documentation:
> https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3.md
> ****
>
> ** **
>
> Mark****
>
> ** **
>
> *From:* Kuo Hugo [mailto:tonytkdk at gmail.com]
> *Sent:* Wednesday, August 14, 2013 1:37 AM
> *To:* openstack at lists.openstack.org
> *Subject:* [Openstack] [Keystone] How to restrict the returned service
> endpoints to client ?****
>
> ** **
>
> Hi folks, ****
>
> ** **
>
> Is there a way to specify the particular service endpoints been returned
> to user? ****
>
> ** **
>
> ** **
>
> *[Scenario 1]*****
>
>  There're Nova / Glance / Swift / Keystone services defined in service
> table. ****
>
> Also the relevant endpoints for each service. ****
>
> Let's say ****
>
>  User:foo****
>
>  Tenant: tenant-foo****
>
>   ** **
>
> Is it possible to return only Nova's endpoint in the json to the user foo
> ? I don't want foo to get other service's endpoint. ****
>
>  ** **
>
> ** **
>
> *[Scenario 2] *****
>
>  There're multiple Swift clusters authenticate users by a single
> keystone. ****
>
> ** **
>
> Swift clusters: ****
>
> name:swift1  ****
>
>  name:swift2  ****
>
>  Let's say ****
>
> User:foo ****
>
>  Tenant: tenant-foo****
>
>  ** **
>
>  User:bar****
>
>  Tenant: tenant-bar****
>
>  ** **
>
> Is there a way to return swift1's endpoint to foo and swift2's endpoint to
> bar ? ****
>
> I'm not sure if keystoneI should have two regions of endpoints for each
> swift cluster or two services.****
>
>  ** **
>
> ** **
>
> Appreciate~****
>
> ** **
>
> +Hugo Kuo+****
>
> hugo at swiftstack.com****
>
> tonytkdk at gmail.com
> ****
>
> +886 935004793****
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130815/25a39a8e/attachment.html>

More information about the Openstack mailing list