← Back to team overview

openstack team mailing list archive

Re: Keystone API question

 

>From admin port I want to list the tenants a user (different from the
current user) belongs to.

On Fri, May 4, 2012 at 1:24 AM, Gabriel Hurley <Gabriel.Hurley@xxxxxxxxxx>wrote:

>  On the keystone admin port the tenants call will list all tenants
> (provided the token corresponds to a user who has admin privileges).****
>
> ** **
>
> **-          **Gabriel****
>
> ** **
>
> *From:* openstack-bounces+gabriel.hurley=nebula.com@xxxxxxxxxxxxxxxxxxx[mailto:
> openstack-bounces+gabriel.hurley=nebula.com@xxxxxxxxxxxxxxxxxxx] *On
> Behalf Of *Luis Gervaso
> *Sent:* Thursday, May 03, 2012 1:24 PM
> *To:* Everett Toews
> *Cc:* openstack@xxxxxxxxxxxxxxxxxxx
> *Subject:* Re: [Openstack] Keystone API question****
>
> ** **
>
> Yes, this is the real issue.****
>
> ** **
>
> Since /tenants is only valid for the current user (that's X-Auth-Token
> dependant)****
>
> ** **
>
> How can an administrator user list all the tenants a user belongs to?****
>
> ** **
>
> Another issue i've detected is that endpoints are always dependant on a
> service,****
>
> may be i'm wrong but for me:****
>
> ** **
>
> /service/{service_id}/endpoints****
>
> ** **
>
> is more appropiate than****
>
> ** **
>
> /endpoints****
>
> ** **
>
> Dolph, please correct me****
>
> ** **
>
> Luis****
>
> ** **
>
> ** **
>
> On Thu, May 3, 2012 at 10:12 PM, Everett Toews <everett.toews@xxxxxxxxx>
> wrote:****
>
> I get the same as Luis when trying GET /users/{user_id}/roles on
> stable/essex (using devstack). Keystone spits back an****
>
> ** **
>
> AttributeError: 'UserController' object has no attribute 'get_user_roles'*
> ***
>
> ** **
>
> message instead of a nice 501.****
>
> ** **
>
> GET /tenants/{tenant_id}/users/{user_id}/roles works fine. For a bit more
> detail have a look at****
>
> ** **
>
>
> http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_listRolesForUserOnTenant_v2.0_tenants__tenantId__users__user_id__roles_Admin_API_Service_Developer_Operations-d1e1356.html
> ****
>
> ** **
>
> Everett****
>
> ** **
>
> On Thu, May 3, 2012 at 9:34 AM, Dolph Mathews <dolph.mathews@xxxxxxxxx>
> wrote:****
>
> The philosophy in essex is that it's meaningless for a user to have a role
> without that role being applied to a tenant, so the call that's implemented
> is:****
>
> ** **
>
>     GET /tenants/{tenant_id}/users/{user_id}/roles****
>
> ** **
>
> Calling this instead should get you an HTTP 501 stating "User roles not
> supported: tenant ID required".****
>
> ** **
>
>     GET /users/{user_id}/roles****
>
> ** **
>
> Also, the term "roleRefs" was deprecated late in the diablo cycle (AFAIK)
> in favor of "roles".****
>
> ** **
>
> -Dolph****
>
> ** **
>
> On Wed, May 2, 2012 at 3:44 PM, Luis Gervaso <luis@xxxxxxxxx> wrote:****
>
>  Hi,****
>
> ** **
>
> In Diablo was:****
>
> ** **
>
> GET /users/{user_id}/roleRefs
> ****
>
> ** **
>
> In Essex it is maintained for compatibility reasons. I understand that
> this is the obsolete now.****
>
> ** **
>
> I can find:****
>
> ** **
>
> PUT & DELETE /users/{user_id}/roles/OS-KSADM/{role_id}****
>
> ** **
>
> How can get all the roles having a user_id?****
>
> ** **
>
> GET /users/{user_id}/roles (i can't find this on stable/essex)****
>
> ** **
>
> Returning role list with tenant associated****
>
> ** **
>
> Another option that would work for me is:****
>
> ** **
>
> GET /users/{user_id}/tenants****
>
> ** **
>
> Returning tenant list with role list associated per tenant****
>
> ** **
>
> ** **
>
> When i GET /user/{user_id} i obtain only this info****
>
> ** **
>
> {"user": {"name": "admin", "enabled": true, "email": "admin@xxxxxxxxxxx",
> "id": "ef1e63df85b641d7bf3c575bb8670cef", "tenantId": null}}
> ****
>
> ** **
>
> Regards****
>
> ** **
>
> --
> -------------------------------------------
> Luis Alberto Gervaso Martin****
>
> Woorea Solutions, S.L
> CEO & CTO
> mobile: (+34) 627983344
> luis@ <luis.gervaso@xxxxxxxxx>woorea.es****
>
> ** **
>
> ** **
>
> ** **
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp****
>
>  ** **
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp****
>
> ** **
>
>
>
> ****
>
> ** **
>
> --
> -------------------------------------------
> Luis Alberto Gervaso Martin****
>
> Woorea Solutions, S.L
> CEO & CTO
> mobile: (+34) 627983344
> luis@ <luis.gervaso@xxxxxxxxx>woorea.es****
>
> ** **
>



-- 
-------------------------------------------
Luis Alberto Gervaso Martin
Woorea Solutions, S.L
CEO & CTO
mobile: (+34) 627983344
luis@ <luis.gervaso@xxxxxxxxx>woorea.es

Follow ups

References