GET /tokens/:id should not have a root of "access"

Bug #855216 reported by Ziad Sawalha
This bug affects 2 people
Affects: OpenStack Identity (keystone)
Status: Opinion
Importance: Low
Assigned to: Yogeshwar

Bug Description

The response should be just the token object. The "access" at the root of the response for the POST is only for that call which returns more than the token.

Yogeshwar (yogesh-srikrishnan) wrote :

v2.0/tokens/{tokenId}?belongsTo=string => This is how the call is structured right now.
Current response as per our doc is

<?xml version="1.0" encoding="UTF-8"?>
<access xmlns="http://docs.openstack.org/identity/api/v2.0">
<token expires="2010-11-01T03:32:15-05:00"
id="ab48a9efdfedb23ty3494"/>
<user id="123" username="jqsmith">
<roles xmlns="http://docs.openstack.org/identity/api/v2.0">
<role id="123" name="Admin" tenantId="one"/>
<role id="234" name="object-store:admin" tenantId="1"/>
</roles>
</user>
</access>

Are we not going to return the user and roles block? Would the response just have

<token expires="2010-11-01T03:32:15-05:00"
id="ab48a9efdfedb23ty3494"/>

Carlos Marin (carlos-marin-d) wrote :

If response is going to be:

 <token expires="2010-11-01T03:32:15-05:00" id="ab48a9efdfedb23ty3494"/>

we'll need to update the token XSD.

Yogeshwar (yogesh-srikrishnan) wrote :

I don't think we would stop returning user and roles when a validate token call is made.
This is what I think the response would be in case we want the call to return the roles as well

<token expires="2010-11-01T03:32:15-05:00"
id="ab48a9efdfedb23ty3494">
<user id="123" username="jqsmith">
<roles xmlns="http://docs.openstack.org/identity/api/v2.0">
<role id="123" name="Admin" tenantId="one"/>
<role id="234" name="object-store:admin" tenantId="1"/>
</roles>
</user>
</token>

I have locally done the XSD changes. I am waiting for Ziad to confirm.

Dolph Mathews (dolph) wrote :

While I'm in favor of this change as an improvement to /tokens in general, it also illustrates the growing scope bloat of the /tokens resources.

Joe Savak (jsavak) wrote :

wait on essex for this - b/c nova client is working against the old method. Not for diablo.

Ziad Sawalha (ziad-sawalha) wrote :

I'm not suggesting we don't return the user or roles blocks. I just think that they should be under/inside the token block. Since I am doing a get on tokens, I should be getting back a token. And the user and roles blocks are data about the user OF the token and the roles that ONLY THIS TOKEN is granting.

Yogeshwar (yogesh-srikrishnan) wrote :

/post on token => should it also return Token just to be consistent and not access?
Someone is doing a POST on token and getting back access just like this case.

Joe Savak (jsavak) wrote :

Yogi - yes - it should be consistent between the two

Changed in keystone:
assignee: nobody → Yogeshwar (yogesh-srikrishnan)
Yogeshwar (yogesh-srikrishnan) wrote :

Would be changing the XSD and WADL first. This change would also affect all the existing middleware components. Have started working.

Changed in keystone:
status: New → In Progress
Yogeshwar (yogesh-srikrishnan) wrote :

Looks like API change. Would take it for the next minor API change.

Changed in keystone:
importance: Undecided → Low
status: In Progress → Opinion
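
Added example (not part of the bug thread and not Keystone's own code): a client-side parser of the kind token-validating middleware would need during such a change, accepting both the current "access"-rooted response and the proposed "token"-rooted one and rejecting anything else. The function names and the two sample documents are assumptions, constructed from the XML quoted in the comments above.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def child(elem, name):
    """First direct child with the given local name, or None."""
    if elem is None:
        return None
    return next((c for c in elem if local(c.tag) == name), None)

def parse_validate_response(xml_text):
    """Return token, user and roles from either response shape."""
    root = ET.fromstring(xml_text)
    kind = local(root.tag)
    if kind == "access":      # current shape: token and user are siblings
        token, user = child(root, "token"), child(root, "user")
    elif kind == "token":     # proposed shape: user is nested in the token
        token, user = root, child(root, "user")
    else:
        raise ValueError("unexpected root element: " + kind)
    # Fail closed: a response without a token id and expiry is not a validation.
    if token is None or not token.get("id") or not token.get("expires"):
        raise ValueError("response carries no usable token")
    roles = child(user, "roles")
    return {
        "token_id": token.get("id"),
        "expires": token.get("expires"),
        "user_id": user.get("id") if user is not None else None,
        "roles": [(r.get("name"), r.get("tenantId"))
                  for r in (roles if roles is not None else [])
                  if local(r.tag) == "role"],
    }

# Constructed samples based on the XML quoted in the thread.
ROLES = """<roles xmlns="http://docs.openstack.org/identity/api/v2.0">
<role id="123" name="Admin" tenantId="one"/>
<role id="234" name="object-store:admin" tenantId="1"/>
</roles>"""
USER = '<user id="123" username="jqsmith">' + ROLES + "</user>"
TOKEN_ATTRS = 'expires="2010-11-01T03:32:15-05:00" id="ab48a9efdfedb23ty3494"'
CURRENT = ('<access xmlns="http://docs.openstack.org/identity/api/v2.0">'
           "<token " + TOKEN_ATTRS + "/>" + USER + "</access>")
PROPOSED = "<token " + TOKEN_ATTRS + ">" + USER + "</token>"

if __name__ == "__main__":
    print(parse_validate_response(CURRENT) == parse_validate_response(PROPOSED))
```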