OpenStack Identity (keystone)

Token and scope documentation needs an update

Bug #1757151 reported by Lance Bragstad on 2018-03-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Medium	Lance Bragstad	OpenStack Identity (keystone) stein-2

Bug Description

We have a document in our administrator guide that describes what tokens are, different scope types, and token providers [0]. While this is good information, we could elaborate on it a bit more to make the document even more useful:

- Different types of scopes should have examples (e.g. project-scope == instance management)
- Remove references to the UUID token provider, which has already been removed
- Consider breaking the Authorization Scopes section out of the admin guide and into the user guide (it contains information that would be useful for end users as well as operators)

We get comments from developers of other services about how scopes work (See Michael's comment in patch set 8 [1]). I think most people close to the system-scope work understand it because we've been exposed to the problem for so long and are familiar with the implementation. It'd be nice to work a fresh perspective into the Authorization Types document, or even have a separate document that explains the different scopes and how they relate to other services [2].

[0] https://docs.openstack.org/keystone/latest/admin/identity-tokens.html
[1] https://review.openstack.org/#/c/523973/
[2] https://docs.openstack.org/keystone/latest/contributor/services.html

See original description

Tags:

Lance Bragstad (lbragstad) on 2018-03-20

Changed in keystone:
status:	New → Triaged
importance:	Undecided → Medium
tags:	added: docu
tags:	added: documentation office-hours removed: docu

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-03-20: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/554581

Changed in keystone:
assignee:	nobody → Lance Bragstad (lbragstad)
status:	Triaged → In Progress

Lance Bragstad (lbragstad) on 2018-03-20

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-03-20: Related fix proposed to keystone (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/554727

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-03-23: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/554581
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c402691371a2898b4b67a679de3c8efbd28f330f
Submitter: Zuul
Branch: master

commit c402691371a2898b4b67a679de3c8efbd28f330f
Author: Lance Bragstad <email address hidden>
Date: Tue Mar 20 15:00:15 2018 +0000

Remove references to UUID from token documentation

Support for the UUID token provider was removed when the Rocky cycle
opened for development:

I76d5c29f6b1572ee3ec7f2b1af63ff31572de2ce

This commit removes references to the UUID token provider from the
token provider documentation.

Change-Id: I85aa4eac1098628f090b3e95a9234bc5777d274d
Partial-Bug: 1757151

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-11-20:

Reviewed: https://review.openstack.org/554727
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=a383867cdb044bf5ea59fbc28afd9beefcb1ee33
Submitter: Zuul
Branch: master

commit a383867cdb044bf5ea59fbc28afd9beefcb1ee33
Author: Lance Bragstad <email address hidden>
Date: Tue Mar 20 22:52:27 2018 +0000

Add scope documentation for service developers

    We have a document that attempts to help describe keystone concepts
    to other OpenStack developers. Now that we've added system scope to
    keystone, it makes sense to refresh this document and make it more
    helpful for services.

This should help services consume various scopes to protect APIs at
various levels (project, domain, system, et cetera).

Change-Id: I1a92ed0b6bbba44d1050a857c3609d918bb25b86
Closes-Bug: 1757151

Changed in keystone:
status:	In Progress → Fix Released

Lance Bragstad (lbragstad) on 2019-01-28

Changed in keystone:
milestone:	none → stein-2

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-21: Fix included in openstack/keystone 15.0.0.0rc1

This issue was fixed in the openstack/keystone 15.0.0.0rc1 release candidate.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.