OpenStack Identity (keystone)

Keystone v3 api has some duplicate url apis

Bug #1126048 reported by Henry Nash on 2013-02-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	High	Henry Nash	OpenStack Identity (keystone) 2013.1 "grizzly"

Bug Description

The current api spec contains both:

GET /domains/{domain_id}/users

as well as

GET /users.....with query filter, e.g.:
GET /users?domain_id="my domain"

The same is true for projects.

We should just support the method of using a query filter if the attribute is a first class attribute on the entity in question. This would mean we should remove:

GET /domains/{domain_id}/users
GET /domains/{domain_id}/projects

but keep, for instance:

GET /users/{user_id}/projects
.....since the result of this call could not obtained by searching the project entities for user_id, i.e.
GEt /projects?user_id="my user"
....does not give you what you want.

We should fix this before Grizzly, otherwise we'll be supporting duplicate calls for a long time.

Henry Nash (henry-nash) on 2013-02-15

Changed in keystone:
assignee:	nobody → Henry Nash (henry-nash)

Henry Nash (henry-nash) on 2013-02-16

Changed in keystone:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-02-18: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/22223

OpenStack Infra (hudson-openstack) on 2013-02-20

Changed in keystone:
assignee:	Henry Nash (henry-nash) → Dolph Mathews (dolph)

OpenStack Infra (hudson-openstack) on 2013-02-20

Changed in keystone:
assignee:	Dolph Mathews (dolph) → Henry Nash (henry-nash)

Thierry Carrez (ttx) on 2013-02-21

Changed in keystone:
milestone:	none → grizzly-3

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-02-21: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/22223
Committed: http://github.com/openstack/keystone/commit/329aeca9f9db4badc82d72907e7891c7d2de2f4b
Submitter: Jenkins
Branch: master

commit 329aeca9f9db4badc82d72907e7891c7d2de2f4b
Author: Henry Nash <email address hidden>
Date: Mon Feb 18 10:29:43 2013 +0000

Pass query filter attributes to policy engine

    With the v3 api, there will be cases when a cloud provider will want
    to be able to protect apis by matching items in the query filter
    string. A classic case would be:

GET /users?domain_id=mydomain

    The change augments the v3 controller protection wrapper with one
    that will also pass in filter parameters. Since this filter list
    also equates to the filter_by_attribute code that the subsequent
    api call will make, the filterprotection wrapper passes the filter
    list into the api call, allowing the code body to not have to
    re-specify the same list. This also has the consequency of fixing
    all the missing filter_by_attribute statements in the current code
    base.

Some tests cannot yet be run due to dependency on completion of
v3/auth

Fixes Bug #1126048
Fixes Bug #1101240

Change-Id: Ibd9867f6eed585414671bbab774df95b8acdf6a5

Changed in keystone:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-02-21

Changed in keystone:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-04-04

Changed in keystone:
milestone:	grizzly-3 → 2013.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.