← Back to team overview

openstack team mailing list archive

Re: Keystone: is revoke token API "officially" supported

 

Okay just to make things clear...

Totally agree with everything you said.  I don't think we should just put the functionality in core.  The safest thing to do is to put it in a separate extension rather than modifying the existing management extension.   The safest thing to do is also to move the functionality to a separate URI space as well.  If you do all of this you will have no chance  of breaking clients or of running into future conflicts.

I'm glad to see you protecting the contract :-)

Having said all of that.  This *particular* change is not likely to break folks because it introduces new functionality rather than changing existing functionality and I don't think that conflicts with DELETE token are very likely.

-jOrGe W.


On Jan 26, 2012, at 5:29 PM, Ziad Sawalha wrote:

A) It sounds like yore making an assumption about what the type of client is. Some clients use WADL to generate stubs or validate contracts. Consider clients like JAX-RS/CXF clients? If you change the WADL, you've changed the contract. Like I said, I think this would be an edge case, but a key reason we offer API contracts is to allow for predictability from the client side. You break that is you change then contract.

B) No, the HTTP call would not change. An alternative would be for us to add this to OS-KSVALIDATE which we just shipped. The call would then be:

DELETE /OS-KSVALIDATE/token
X-Auth_token: …
X-Subject-Token: {token_id}


From: Dolph Mathews <dolph.mathews@xxxxxxxxx<mailto:dolph.mathews@xxxxxxxxx>>
Date: Thu, 26 Jan 2012 17:17:12 -0600
To: Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx<mailto:ziad.sawalha@xxxxxxxxxxxxx>>
Cc: Jorge Williams <jorge.williams@xxxxxxxxxxxxx<mailto:jorge.williams@xxxxxxxxxxxxx>>, Dolph Mathews <dolph.mathews@xxxxxxxxx<mailto:dolph.mathews@xxxxxxxxx>>, "Yee, Guang" <guang.yee@xxxxxx<mailto:guang.yee@xxxxxx>>, "openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>(openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>)" <openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>>
Subject: Re: [Openstack] Keystone: is revoke token API "officially" supported

A) This wasn't documented at all (AFAIK), so there's no concern of breaking contracts.

B) Even if it's moved to an extension, would the call change from it's current form?:

    DELETE /tokens/{token_id}

I'm not sure what the extension convention is here.

-Dolph Mathews

On Jan 26, 2012, at 4:39 PM, Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx<mailto:ziad.sawalha@xxxxxxxxxxxxx>> wrote:

If a client has bound to the contract XSD, they will break if we add this, won't they?

But… I don't know how many clients would have bound to the OS-KSADM contracts. We've been diligent and strict about not changing the core contract, but this is the first time we've been presented with a change to an extension like this.

I'd still lean towards the "correct" practice of adding this as another extension. Especially since that extension would only be adding a new method on an existing resource, so would not require complex naming changes…

Open to alternative points of view..

Z


From: Jorge Williams <jorge.williams@xxxxxxxxxxxxx<mailto:jorge.williams@xxxxxxxxxxxxx>>
Date: Thu, 26 Jan 2012 13:36:13 -0600
To: Dolph Mathews <dolph.mathews@xxxxxxxxx<mailto:dolph.mathews@xxxxxxxxx>>
Cc: "Yee, Guang" <guang.yee@xxxxxx<mailto:guang.yee@xxxxxx>>, "openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx> (openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>)" <openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>>, Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx<mailto:ziad.sawalha@xxxxxxxxxxxxx>>
Subject: Re: [Openstack] Keystone: is revoke token API "officially" supported

Moving it to an extension makes sense to me.  Ziad, does it make sense to add it to OS-KSADM...or is this a different extension all together...revoke token extension?

-jOrGe W.

On Jan 26, 2012, at 11:43 AM, Dolph Mathews wrote:

It is definitely not a documented call (hence the "should this be removed?" comment in the implementation); if it were to be "promoted" from undocumented to an extension, I imagine it would belong in OS-KSADM.

- Dolph

On Thu, Jan 26, 2012 at 10:51 AM, Yee, Guang <guang.yee@xxxxxx<mailto:guang.yee@xxxxxx>> wrote:
I see it implemented in the code as

DELETE /v2.0/tokens/{tokenId}

But it doesn’t appear to be documented in any of the WADLs.


Thanks!

Guang


_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp


_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp



References