← Back to team overview

openstack team mailing list archive

Re: Keystone API question

 

The philosophy in essex is that it's meaningless for a user to have a role
without that role being applied to a tenant, so the call that's implemented
is:

    GET /tenants/{tenant_id}/users/{user_id}/roles

Calling this instead should get you an HTTP 501 stating "User roles not
supported: tenant ID required".

    GET /users/{user_id}/roles

Also, the term "roleRefs" was deprecated late in the diablo cycle (AFAIK)
in favor of "roles".

-Dolph

On Wed, May 2, 2012 at 3:44 PM, Luis Gervaso <luis@xxxxxxxxx> wrote:

> Hi,
>
> In Diablo was:
>
> GET /users/{user_id}/roleRefs
>
> In Essex it is maintained for compatibility reasons. I understand that
> this is the obsolete now.
>
> I can find:
>
> PUT & DELETE /users/{user_id}/roles/OS-KSADM/{role_id}
>
> How can get all the roles having a user_id?
>
> GET /users/{user_id}/roles (i can't find this on stable/essex)
>
> Returning role list with tenant associated
>
> Another option that would work for me is:
>
> GET /users/{user_id}/tenants
>
> Returning tenant list with role list associated per tenant
>
>
> When i GET /user/{user_id} i obtain only this info
>
> {"user": {"name": "admin", "enabled": true, "email": "admin@xxxxxxxxxxx",
> "id": "ef1e63df85b641d7bf3c575bb8670cef", "tenantId": null}}
>
> Regards
>
> --
> -------------------------------------------
> Luis Alberto Gervaso Martin
> Woorea Solutions, S.L
> CEO & CTO
> mobile: (+34) 627983344
> luis@ <luis.gervaso@xxxxxxxxx>woorea.es
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>

Follow ups

References