Remove Project/Tenant ID from v3 API URLs

Registered by Gabriel Hurley

As per there's strong support fro removing the project ID from the Nova API URL structure. This blueprint is to capture the work required to remove the project ID from the URL scheme, instead relying on the context to pass in the correct values (as it already does).

Blueprint information

Russell Bryant
Gabriel Hurley
melanie witt
Series goal:
Accepted for havana
Milestone target:
milestone icon 2013.2
Started by
Thierry Carrez
Completed by
Russell Bryant

Related branches



This should be worked in a way that allows external policy enforcement points to validate what resources within a project a token should have access to.

For example, Repose sits in front of some Nova installs and has an authorization filter. If the user attempts to access a nova resource with a token not scoped to the project that holds that resource, Repose will return a 401 and Nova won't have to service the request at all.

Gerrit topic:,topic:bp/v3-api-remove-project-id,n,z

Addressed by:
    removes project_id/tenant_id from v3 api urls

What work is left after the above patch?
  - There doesn't seem to be much more needed. I tested using the new url paths against the v3 api part 2 patch
    using the --bypass-url option in nova client and the ported apis ('fixed ips' and 'servers') were able to handle
    the requests correctly (with keystone auth).
  - I found in where project_id
    from the url is checked against project_id from the context but it still works properly with the new urls.
  - Code that creates RequestContext gets project_id from request headers.
  - This response header X-Server-Management-Url needs to not use project_id in this no auth case:
    Update: This isn't needed -- project_id here is a project *name*, not an id. It has nothing to do with project_id in urls.
  - Other than that, I think it's a matter of converting all the apis/extensions to v3 and making sure none make
    reference to or use project_id from the url.

Mauro found a change is needed to return the correct resource links in responses whether project_id is present in the url or not. His patch is below.

Addressed by:
    Change resource links when url has no project id

Addressed by:
    Adds NoAuthMiddleware for V3


Work Items

Work items:
Remove project_id/tenant_id prefix from all urls: DONE

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.