yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1757151] Re: Token and scope documentation needs an update

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1757151@xxxxxxxxxxxxxxxxxx>
Date: Tue, 20 Nov 2018 07:58:01 -0000
Reply-to: Bug 1757151 <1757151@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/554727
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=a383867cdb044bf5ea59fbc28afd9beefcb1ee33
Submitter: Zuul
Branch:    master

commit a383867cdb044bf5ea59fbc28afd9beefcb1ee33
Author: Lance Bragstad <lbragstad@xxxxxxxxx>
Date:   Tue Mar 20 22:52:27 2018 +0000

    Add scope documentation for service developers
    
    We have a document that attempts to help describe keystone concepts
    to other OpenStack developers. Now that we've added system scope to
    keystone, it makes sense to refresh this document and make it more
    helpful for services.
    
    This should help services consume various scopes to protect APIs at
    various levels (project, domain, system, et cetera).
    
    Change-Id: I1a92ed0b6bbba44d1050a857c3609d918bb25b86
    Closes-Bug: 1757151


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1757151

Title:
  Token and scope documentation needs an update

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  We have a document in our administrator guide that describes what
  tokens are, different scope types, and token providers [0]. While this
  is good information, we could elaborate on it a bit more to make the
  document even more useful:

   - Different types of scopes should have examples (e.g. project-scope == instance management)
   - Remove references to the UUID token provider, which has already been removed
   - Consider breaking the Authorization Scopes section out of the admin guide and into the user guide (it contains information that would be useful for end users as well as operators)

  We get comments from developers of other services about how scopes
  work (See Michael's comment in patch set 8 [1]). I think most people
  close to the system-scope work understand it because we've been
  exposed to the problem for so long and are familiar with the
  implementation. It'd be nice to work a fresh perspective into the
  Authorization Types document, or even have a separate document that
  explains the different scopes and how they relate to other services
  [2].

  [0] https://docs.openstack.org/keystone/latest/admin/identity-tokens.html
  [1] https://review.openstack.org/#/c/523973/
  [2] https://docs.openstack.org/keystone/latest/contributor/services.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1757151/+subscriptions

References

[Bug 1757151] [NEW] Token and scope documentation needs an update
From: Lance Bragstad, 2018-03-20