← Back to team overview

openstack team mailing list archive

Re: Keystone API question

 

Yes, this is the real issue.

Since /tenants is only valid for the current user (that's X-Auth-Token
dependant)

How can an administrator user list all the tenants a user belongs to?

Another issue i've detected is that endpoints are always dependant on a
service,
may be i'm wrong but for me:

/service/{service_id}/endpoints

is more appropiate than

/endpoints

Dolph, please correct me

Luis


On Thu, May 3, 2012 at 10:12 PM, Everett Toews <everett.toews@xxxxxxxxx>wrote:

> I get the same as Luis when trying GET /users/{user_id}/roles on
> stable/essex (using devstack). Keystone spits back an
>
> AttributeError: 'UserController' object has no attribute 'get_user_roles'
>
> message instead of a nice 501.
>
> GET /tenants/{tenant_id}/users/{user_id}/roles works fine. For a bit more
> detail have a look at
>
>
> http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_listRolesForUserOnTenant_v2.0_tenants__tenantId__users__user_id__roles_Admin_API_Service_Developer_Operations-d1e1356.html
>
> Everett
>
>
> On Thu, May 3, 2012 at 9:34 AM, Dolph Mathews <dolph.mathews@xxxxxxxxx>wrote:
>
>> The philosophy in essex is that it's meaningless for a user to have a
>> role without that role being applied to a tenant, so the call that's
>> implemented is:
>>
>>     GET /tenants/{tenant_id}/users/{user_id}/roles
>>
>> Calling this instead should get you an HTTP 501 stating "User roles not
>> supported: tenant ID required".
>>
>>     GET /users/{user_id}/roles
>>
>> Also, the term "roleRefs" was deprecated late in the diablo cycle (AFAIK)
>> in favor of "roles".
>>
>> -Dolph
>>
>> On Wed, May 2, 2012 at 3:44 PM, Luis Gervaso <luis@xxxxxxxxx> wrote:
>>
>>> Hi,
>>>
>>> In Diablo was:
>>>
>>> GET /users/{user_id}/roleRefs
>>>
>>> In Essex it is maintained for compatibility reasons. I understand that
>>> this is the obsolete now.
>>>
>>> I can find:
>>>
>>> PUT & DELETE /users/{user_id}/roles/OS-KSADM/{role_id}
>>>
>>> How can get all the roles having a user_id?
>>>
>>> GET /users/{user_id}/roles (i can't find this on stable/essex)
>>>
>>> Returning role list with tenant associated
>>>
>>> Another option that would work for me is:
>>>
>>> GET /users/{user_id}/tenants
>>>
>>> Returning tenant list with role list associated per tenant
>>>
>>>
>>> When i GET /user/{user_id} i obtain only this info
>>>
>>> {"user": {"name": "admin", "enabled": true, "email": "admin@xxxxxxxxxxx",
>>> "id": "ef1e63df85b641d7bf3c575bb8670cef", "tenantId": null}}
>>>
>>> Regards
>>>
>>> --
>>> -------------------------------------------
>>> Luis Alberto Gervaso Martin
>>> Woorea Solutions, S.L
>>> CEO & CTO
>>> mobile: (+34) 627983344
>>> luis@ <luis.gervaso@xxxxxxxxx>woorea.es
>>>
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>


-- 
-------------------------------------------
Luis Alberto Gervaso Martin
Woorea Solutions, S.L
CEO & CTO
mobile: (+34) 627983344
luis@ <luis.gervaso@xxxxxxxxx>woorea.es

Follow ups

References