Barbican

Barbican APIs needs a refactoring to align with Keystone V3 API

Registered by Arvind Tiwari on 2013-11-18

Currently Barbican V1 APIs scopes all resources to a tenant_id but in reality there is nothing in Keystone (from v3) as tenants.

Tenants are replaced by projects resource and projects are no more a top level resource. As per V3 API, Domains https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3.md#domains-v3domains, projects are now scoped to a domains.

To make Babican compatible with Keystone V3 we have to refactor APIs, something like

https://.../v1/domains/{domain_id}/projects/{project_id}/secrets
https://.../v1/domains/{domain_id}/projects/{project_id}/orders

Blueprint information

Status:: Complete

Approver:: None

Priority:: Undefined

Drafter:: Arvind Tiwari

Direction:: Needs approval

Assignee:: Arvind Tiwari

Definition:: Obsolete

Series goal:: None

Implementation:: Unknown

Milestone target:: None

Completed by: Douglas Mendizábal on 2014-12-02

Related branches

Related bugs

Sprints

Whiteboard

No other service besides keystone should be tracking the relationship between domains and projects. Putting both into URL's of barbican both places that burden on barbican and applies swift's approach of URL-based request context to barbican which is something that the openstack community wants to abandon. Barbican *should* speak in terms of "projects," but that happens beneath the API layer (it's between the authentication layer and authorization enforcement). -dolph

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

John Wood