openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #02856
Re: OpenStack Identity: Keystone API Proposal
I've updated the dev guide with your suggestions:
- Section 4.4 explains the GET /tenants call needs to be authenticated and the examples now show passing in the authentication header.
- Section 5.2.1 is new and talks about authenticating for the Admin API and puts in a reference for bootstrapping the system (creating a first administrator). Here, I've left it as a reference to the admin guide which is yet to be developed (jaypipes volunteered to help us create that in RST), but I also refer to the readme which today has instructions for setting up your Keystone instance.
Let me know if that gets you going, Andi.
Regards,
Ziad
From: Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx<mailto:ziad.sawalha@xxxxxxxxxxxxx>>
Date: Sat, 11 Jun 2011 14:44:12 +0000
To: Andiabes <andi.abes@xxxxxxxxx<mailto:andi.abes@xxxxxxxxx>>
Cc: "openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>" <openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>>
Subject: Re: [Openstack] OpenStack Identity: Keystone API Proposal
Your guess is correct. The only calls you should be able to make without having a token are the calls to discover the service (getting version info, WADL contract, dev guide, help, etc…) and to get a token. After that, all other calls require passing in a token.
On the Admin APIs, the token passed in must have the necessary administrative privileges.
To bootstrap Keystone with a blank identity store, you can execute bin/keystone-manage to create your initial administrative identity(ies).
If you use the sample data creation script provided, it will create an admin user (and create a token for that user) which you can use.
We'll clarify that in the dev guide.
Thanks Andi
Ziad
From: Andiabes <andi.abes@xxxxxxxxx<mailto:andi.abes@xxxxxxxxx>>
Date: Fri, 10 Jun 2011 21:08:18 -0400
To: Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx<mailto:ziad.sawalha@xxxxxxxxxxxxx>>
Cc: "openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>" <openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>>
Subject: Re: [Openstack] OpenStack Identity: Keystone API Proposal
It might be useful to include in the API guide some information about authentication to keystone itself. I.e when requesting a list of users,tenants etc the requestor should somehow authenticate itself
I'm guessing that the flow involve acquiring a token that authenticates the user to keystone as a user who has privileges to manage the relevant entities.?
Sent from my iPad
On Jun 10, 2011, at 7:24 PM, Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx<mailto:ziad.sawalha@xxxxxxxxxxxxx>> wrote:
Time flies! It's June 10th already. In my last email to this community I had proposed today as the day to lock down the Keystone API so we can finalize implementation by Diablo-D2 (June 30th).
We've been working on this feverishly over the past couple of weeks and have just pushed out a proposed API here:<https://github.com/rackspace/keystone/raw/master/keystone/content/identitydevguide.pdf>https://github.com/rackspace/keystone/raw/master/keystone/content/identitydevguide.pdf
For any and all interested, the original source and code is on Github (<https://github.com/rackspace/keystone/raw/master/keystone/content/identitydevguide.pdf>https://github.com/rackspace/keystone), along with the current implementation of Keystone, examples, sample data, tests, instructions, and all the goodies we could muster to put together. The project also lives on Launchpad at <http://launchpad.net/keystone> http://launchpad.net/keystone.
The API we just put out there is still a proposal. We're going to be focusing on the implementation, but would still love to get community input, feedback, and participation.
Have a great weekend and regards to all,
Ziad
Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse@xxxxxxxxxxxxx<mailto:abuse@xxxxxxxxxxxxx>, and delete the original message.
Your cooperation is appreciated.
_______________________________________________
Mailing list: <https://launchpad.net/~openstack> https://launchpad.net/~openstack
Post to : <mailto:openstack@xxxxxxxxxxxxxxxxxxx> openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
Unsubscribe : <https://launchpad.net/~openstack> https://launchpad.net/~openstack
More help : <https://help.launchpad.net/ListHelp> https://help.launchpad.net/ListHelp
Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse@xxxxxxxxxxxxx<mailto:abuse@xxxxxxxxxxxxx>, and delete the original message.
Your cooperation is appreciated.
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx> Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse@xxxxxxxxxxxxx, and delete the original message.
Your cooperation is appreciated.
Follow ups
References