Ask Your Question
0

keystone Identity Admin API v2.0 behavior RHEL OS -vs- Community OS

asked 2016-04-07 15:02:07 -0500

rshoemaker gravatar image

Hi,

I've noticed there's a difference between the way the RHEL OS and Community OS identity admin apis work and I'm hoping someone can provide a little perspective on what I'm seeing. Specifically, it looks like this API is expecting different values for {user-id} on different releases of OS:

/v2.0/tenants/{tenant-id}/users/{user-id}/roles

We are currently testing our product on Community Icehouse/Juno/Kilo as well as RHEL Kilo.

On Community Icehouse/Juno/Kilo, we are passing a user name for {user-id}:

$ curl -H "X-Auth-Token:$ostoken" http://keystone.somedomain.com:35357/v2.0/tenants/02b3cc5d8e0b420e8a15777f9a7d6420/users/rshoemaker/roles
{"roles": [{"id": "9fe2ff9ee4384b1894a90878d3e92bab", "name": "_member_"}]}

If we pass a user id, then we get a 404:

$ curl -H "X-Auth-Token:$ostoken" http://keystone.somedomain.com:35357/v2.0/tenants/02b3cc5d8e0b420e8a15777f9a7d6420/users/9fe2ff9ee4384b1894a90878d3e92bab/roles
{"error": {"message": "Could not find user: 9fe2ff9ee4384b1894a90878d3e92bab", "code": 404, "title": "Not Found"}}

On RHEL Kilo, if we pass the user name in, we get a 404:

$ curl -H "X-Auth-Token:$ostoken" http://rh-openstack.somedomain.com:35357/v2.0/tenants/1f6807689c904d6f9824fa3d202f5743/users/rshoemaker/roles
{"error": {"message": "Could not find user: rshoemaker", "code": 404, "title": "Not Found"}}

But if we pass the user id it works fine:

$ curl -H "X-Auth-Token:$ostoken" http://rh-openstack.somedomain.com:35357/v2.0/tenants/1f6807689c904d6f9824fa3d202f5743/users/3cf1b596585e419dac0c3bb94fd2f3b5/roles
{"roles": [{"id": "9fe2ff9ee4384b1894a90878d3e92bab", "name": "_member_"}]}

So, to summarize:

  • RHEL Kilo expects user ids and fails on user names
  • Community Icehouse/Juno/Kilo expect user names and fails on user ids

Can anyone explain why there's a difference? I'd almost feel better if Community Kilo and RHEL Kilo worked the same, but perhaps this is a case when RH changed the code to accept a user-id instead.

Based on the http://developer.openstack.org/api-ref-identity-admin-v2.html (OS docs here), it certainly seems like the API was meant to take a user-id, not a user-name.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-04-07 15:17:42 -0500

dbaxps gravatar image

updated 2016-04-07 15:26:10 -0500

       I would install KIlo on Ubuntu 14.04 via devstack and make same testing. At least one REST API request  should  work on upstream Kilo release been checked out from stable branch of devstack. I believe that there is no need to continue. 
Devstack is a great tool. It works via stable branches of upstream master.
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2016-04-07 15:02:07 -0500

Seen: 127 times

Last updated: Apr 07 '16