Identity API 2.0: tenantid required, email optional

tenantId is NOT required when creating a user; having a tenantId on a user establishes the user's default tenancy when authenticating (if a tenant is not specified), which is an entirely optional behavior (and not really recommended by the keystone community).

I'm trying out the API and came across the following behaviour:

I didn’t see doc about this, so I’m wondering is this a bug or a feature?

If I introduce non existing field to the json request body when using the identity add user API(POST v2.0/users http://docs.openstack.org/api/openstack-identity-service/2.0/content/POST_addUser_v2.0_users_User_Operations_OS-KSADM.html), it get added without error.

I tested on a DevStack installation of OpenStack

curl -X POST -H "X-Auth-Token: Xx1=" -d '{"user":{"name":"name_6","pass-none-exist":"test-none-exist","non-existing":"non-existing", "anything-bool":false}}' -H 'Content-type: application/json' http://130.102.155.7:35357/v2.0/users

Get the response:
{"user": {"name": "name_6", "pass_none_exist": "test-none-exist", "enabled": true, "non_existing": "non-existing", "anything_bool": false, "id": "2fb0955de04b481ab39dd393837cd8b4"}}

Checking using command line tool
keystone user-get name_6

+-----------------+----------------------------------+
| Property | Value |
+-----------------+----------------------------------+
| anything_bool | False |
| enabled | True |
| id | 2fb0955de04b481ab39dd393837cd8b4 |
| name | name_6 |
| non_existing | non-existing |
| pass_none_exist | test-none-exist |
+-----------------+----------------------------------+

now I can’t really tell what is allowed and what is not…

Miranda: that's basically an undocumented "feature" that we shipped with in essex, and we've supported it ever since. I share the same concern about it as you, and I'd like to see a way to turn it off (e.g. keystone.conf [DEFAULT] enable_strict_api = True), but that's just a wishlist item. It *is* intended behavior, and it's actually how we "support" the `email` attribute on users, for example (that's not an attribute specified by the v3 API at all).

Fix proposed to branch: master
Review: https://review.openstack.org/71501

You mention you can't find the source for a particular html output file. Typically the xml:id maps directly to the name of the html file. So I did a search:

grep -r "d1e1356" .
./openstack-identity-api/v2.0/src/docbkx/admin/identity-service-api.xml: xml:id="Admin_API_Service_Developer_Operations-d1e1356"

Please edit /openstack-identity-api/v2.0/src/docbkx/admin/identity-service-api.xml so this bug can be closed.

I think I have changed the right place, because
/openstack-identity-api/v2.0/src/docbkx/admin/identity-service-api.xml
id="Admin_API_Service_Developer_Operations-d1e1356"

corresponding to the page
http://docs.openstack.org/api/openstack-identity-service/2.0/content/Admin_API_Service_Developer_Operations-d1e1356.html

however it doesn't seem to have "add user" info in this page, on the left side menu, if you go down on level, to 4->OS-KSADM Admin Extension->Add User, you come to the page
http://docs.openstack.org/api/openstack-identity-service/2.0/content/POST_addUser_v2.0_users_User_Operations_OS-KSADM.html
Which is the page I updated in the patch.

Reviewed: https://review.openstack.org/71501
Committed: https://git.openstack.org/cgit/openstack/identity-api/commit/?id=66199d7da12d00eca3b48c497265e2d5c03ce1e4
Submitter: Jenkins
Branch: master

commit 66199d7da12d00eca3b48c497265e2d5c03ce1e4
Author: Miranda Zhang <email address hidden>
Date: Thu Feb 6 12:06:40 2014 +0000

    Add and Correct info on add user API usage

    Page coresponding to source file change:
    http://docs.openstack.org/api/openstack-identity-service/2.0/
    content/POST_addUser_v2.0_users_User_Operations_OS-KSADM.html

    Source of info:
    http://docs.rackspace.com/auth/api/v2.0/auth-client-devguide/
    content/POST_addUser_v2.0_users_User_Calls.html

    http://docs.openstack.org/grizzly/openstack-compute/install/
    yum/content/setting-up-tenants-users-and-roles-manually.html

    https://computing.seas.harvard.edu/display/CLOUD/
    Add+a+user+to+OpenStack

    http://turing.suse.de/~aj/cli-reference/content/
    keystoneclient_commands.html

    Corrections(tested with DevStack installation)

    username/user should be name
    the only required field

    Optional fields:
    password / OS-KSADM:password

    enabled <true|false>

    tenantId
    warning tenant/tenant-id/tenant_id won't work

    email
    customized fields

    Change-Id: I9db725a4138e0161bf0a0c2b8d86b7424aa3099a
    Closes-Bug: #1171510