openstack-manuals

V3 Identity API: No documented reason not to fallback to a domain token

Bug #1214576 reported by justinsb
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-manuals
Fix Released
Medium
Dolph Mathews

Bug Description

(Continuing my cleanup of bugs to differentiate the root cause from a proposed solution)

The V3 Identity API does not document a reason why we don't return a domain token, when we currently fallback to returning an unscoped token.

This causes confusion.

Revision history for this message
Dolph Mathews (dolph) wrote :

I think what's lacking from the v3 API documentation (and would resolve this) is explicit use cases for unscoped tokens, project-scoped tokens, and domain-scoped tokens. They *should* be very distinct concepts, so (to analogize..) it might be better to explain what hammers and screwdrivers are used for, rather than why to explain you shouldn't try to substitute one for the other.

Revision history for this message
justinsb (justin-fathomdb) wrote :

That would be great. I've explained in the other bug why I think there would be huge benefits if we could unify unscoped + domain scoped tokens. So all we need is an example where we absolutely can't interchange them, i.e. a use case that requires breaking compatibility. Then I'll be quiet :-)

Revision history for this message
justinsb (justin-fathomdb) wrote :

Any thoughts on an example dolph?

Revision history for this message
Dolph Mathews (dolph) wrote :

Sorry, I've been focusing on the havana release, but I'll take a stab at this soon

affects: keystone → openstack-api-site
Changed in openstack-api-site:
importance: Undecided → Low
tags: added: identity-api
Tom Fifield (fifieldt)
Changed in openstack-api-site:
milestone: none → havana
status: New → Confirmed
Revision history for this message
Diane Fleming (diane-fleming) wrote :

backport: havana

Changed in openstack-api-site:
milestone: havana → icehouse
Diane Fleming (diane-fleming)
Changed in openstack-api-site:
milestone: icehouse → none
Atsushi SAKAI (sakaia)
tags: added: keystone
Dolph Mathews (dolph)
Changed in openstack-api-site:
assignee: nobody → Dolph Mathews (dolph)
Revision history for this message
Anne Gentle (annegentle) wrote :

I think this level of conceptual info belongs in the keystone-specs API documents: http://specs.openstack.org/openstack/keystone-specs/

no longer affects: openstack-api-site
Revision history for this message
Anne Gentle (annegentle) wrote :

This also makes sense to go into the Cloud Admin Guide in the openstack-manuals repo.

no longer affects: keystone
Changed in openstack-manuals:
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Dolph Mathews (dolph)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to openstack-manuals (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/290848

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-manuals (master)

Fix proposed to branch: master
Review: https://review.openstack.org/290874

Changed in openstack-manuals:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to openstack-manuals (master)

Reviewed: https://review.openstack.org/290848
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=eaf0b7f366affa2d16c0e4ec712e0aafb9aaa369
Submitter: Jenkins
Branch: master

commit eaf0b7f366affa2d16c0e4ec712e0aafb9aaa369
Author: Dolph Mathews <email address hidden>
Date: Wed Mar 9 20:58:03 2016 +0000

    Refactor the Keystone token providers page

    This refactor makes the page a bit more generic to match file filename,
    such that additional content can be added beyond just information about
    the various token providers (such as authorization scopes!).

    Change-Id: I4c65f2ffd718caa37f0d3ad217b432a5aae9e368
    Related-Bug: 1214576

Changed in openstack-manuals:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-manuals (master)

Reviewed: https://review.openstack.org/290874
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=3e520bc8282e3e3454a6f407c83c12e89384bc14
Submitter: Jenkins
Branch: master

commit 3e520bc8282e3e3454a6f407c83c12e89384bc14
Author: Dolph Mathews <email address hidden>
Date: Wed Mar 9 21:56:39 2016 +0000

    Add docs for different Keystone token scopes

    Change-Id: I02155445a84a8019fbae270167019d314191a130
    Closes-Bug: 1214576

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-manuals 15.0.0

This issue was fixed in the openstack/openstack-manuals 15.0.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.