Remove the tenant-id from the URI

Registered by John Wood on 2013-11-15

OpenStack projects appear to be moving away from requiring a tenant-id in the URI, as this is redundant information when Keystone authentication is used. This blueprint calls for removing the tenant-id for all Barbican service calls.

In addition, all internal references to 'tenant-id' or 'keystone-id' should be removed at this time, in favor of 'project-id'.

Reconsider the current use of two Python REST verb handler classes per each REST URI/resource.

Blueprint information

Status:
Complete
Approver:
Douglas Mendizábal
Priority:
Medium
Drafter:
John Wood
Direction:
Approved
Assignee:
Venkat Sundaram
Definition:
Approved
Series goal:
Accepted for juno
Implementation:
Implemented
Milestone target:
milestone icon juno-3
Started by
Douglas Mendizábal on 2014-12-03
Completed by
Douglas Mendizábal on 2014-12-03

Related branches

Sprints

Whiteboard

I think it is wider scope topic, we need to map our API with Keystone and we should consider Domain and projects etcs.
May be it is time to have new API version

atiwari - Working on API proposal for removing tenant_id from URI and adding support for secret owner. So that user level secret isolation can be defined

Current (v1) barbican APIs URIs has tight binding with tenant_id (context). This need to be removed so that context (mostly tenant) has to be removed from URI path.

Context (tenant_id and user_id) information can be mostly derived from the incoming token. In some cases we can not rely on context from token (e.g. admin is creating secrets on behalf of users), there should be provision for extra header in the API to establish a context in such cases. (X-Owner-Id and X-Project-Id)

https://blueprints.launchpad.net/barbican/+spec/api-remove-uri-tenant-id
https://blueprints.launchpad.net/barbican/+spec/secret-isolation-at-user-level

Comment by jarret-raim on 2014-04-24 13:15 -0500:

I don't think there is any objection to removing the tenant id, so I don't see a need for a session on this topic? Any side discussions can probably happen at our table.

Let me know if you don't agree!

Gerrit topic: https://review.openstack.org/#q,topic:api-remove-uri-tenant-id,n,z

Addressed by: https://review.openstack.org/105562
    remove tenant-id from resource URIs

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.