Endpoint Versioning
The following is written based on the python-openstack common cli (OSC) but I think it is true for any of the clients attempting to talk to Keystone.
For OSC, to specify the version, the user passes in
--os-identity-
or
--os-identity-
No other values are currently supported.
0 Always strip any final / from the auth_url before proceeding
1. If the auth_url ends in v3, assume the v3 api
2. If the auth_url ends in v2.0 assume the v2 api
3. If the auth_url does not end in either of the above, assume the v3 api.
4. If the user specifies an API version to use, that should override the above.
5. If the request API version does not match the URL, attempt to compose a valid URL
5.1 If the user wants the v2.0 api and the URL ends in /v3, remove the /v3 and append /v2.0
5.2 If the user wants the v3 api and the URL ends in /v2.0, remove the /v2.0 and append /v3 and the URL does not end in /v3, append /v3
5.3 If the user wants the v2.0 api and the URL ends in /v2.0, use the URL as is
5.4 If the user wants the v3 api and the URL ends in /v3, use the URL as is
5.5 Otherwise, attempt to do auth_url discovery:
Discovery is basically: Assume the auth URL is the root of the tree. Do an unauthenticated fetch on the URL. Search through the resulting JSON for the "versions" key, which should contain an array. Iterate through the members of the this collection until one has an "id" attribute that matches the requested API version, and select the corresponding "self" link as the auth_url from that point forward.
We don't want to do discover on every request, as it is expensive (complete round trip). Once it has been performed, the updated AUTH_URL should be cached. This is a tricky proposition, as the only updatable store is the python-keystore. We don't want to prevent someone from updating their AUTH_URL if the server gets upgraded.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
- Dolph Mathews
Related branches
Related bugs
Sprints
Whiteboard
Dolphm: Don't parse apart the specified endpoint & don't make assumptions about it
nothing else here even approximates discovery
ayoung: the only other alternative is to have a separate set of of non-versioned endpoints.
dolph: the alternative is to implement actual version discovery, not a sad hack based on the default keystone paste configuration
Gerrit topic: https:/
Addressed by: https:/
Correct versions in the URLs