OpenStack Identity (keystone)

RFE: Use views effectively

Bug #1815972 reported by Lance Bragstad
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Won't Fix
Wishlist
Unassigned

Bug Description

(The description below was originally provided by Jamie Lennox as a blueprint)

Keystone has an unusual way of rendering objects that are used in responses.

1) The objects are returned directly from the driver layer, some links injected at the controller and then returned to the user. This means the backend driver has full control over the representation of objects. This is really bad form and doesn't help for people who are implementing their own drivers because they are capable of accidentally polluting the output and then relying on it.

2) The Controllers handle the links generation - however, there are more controllers than types. For example Projects are handled from the regular projects urls, auth urls, catalog urls and federation urls. To make this rendering work you then need to import the base projects controller into all these other places so that they can work. In some cases, this is done as a subclass which makes this harder. These could each be individual views that know how to render a project and then used where appropriate.

3) Because of the direct link from backend to user representation, it imposes a v3 representation on the objects in the database. These two things should not be equivalent. There is information that should be added and removed from objects before they are saved to the database and this direct representation means you have to have a lot of care. This also means there are a number of places that are doing a v3_to_v2 conversion - which should really just be 2 different representations of the same model.

4) Again because of the direct representation it is really difficult to audit the expected output of a resource. Often the authoritative source of what a resource looks like is the SQL Alchemy resource.

5) If we go down the micro version path this negotiation gets complicated and all mixed up with the representation layer.

We should remove response rendering from the controllers in favour of a views layer that is purely about rendering. This is a very standard pattern in web services.

See original description
Tags: rfe
Revision history for this message
Lance Bragstad (lbragstad) wrote :

Implementation of views for credentials: https://review.openstack.org/#/c/335423/

Changed in keystone:
status: New → Triaged
importance: Undecided → Wishlist
description: updated
Revision history for this message
Lance Bragstad (lbragstad) wrote :

Additional implementations: https://review.openstack.org/#/c/336357/

Revision history for this message
Lance Bragstad (lbragstad) wrote :

WIP review to make views work for different API versions [0], which is no longer necessary since keystone only supports v3 currently. This may be revisited in the future if we introduce a new API version.

[0] https://review.openstack.org/#/c/347561/

Lance Bragstad (lbragstad)
tags: added: rfe
Revision history for this message
Colleen Murphy (krinkle) wrote :

We dropped the V2 API, plus refactoring our API controllers to use Flask means that Flask now can handle all of the view rendering, so this work is not as important any more. Closing as won't fix, feel free to reopen if this is something that should be revisited.

Changed in keystone:
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.