Endpoint management can (and should) be made simpler across all interactions with keystone: REST API, CLI, and the persistence layer.
# locations have arbitrary hierarchical complexity
- location
- id (PK) uid (string)
- 'uk'
- 'UK'
- 'United Kingdom'
- id (PK) uid (string)
# endpoints have arbitrary type
endpoint
- id (PK)
- uid (string)
- service_id (FK)
- location_id (FK)
- type (string)
- 'admin', 'internal', or 'public'
- (detected *automatically* based on url)
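# tenants are granted access to endpoints with type-level granularity
# endpoint types can still be hidden from users with role-level granularity
# (hiding an endpoint from a user's view is not access control by itself: the service behind the endpoint must still enforce authorization)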
tenant_endpoints
- tenant_id (FK)
- endpoint_id (FK)
# Create a location
$ ./manage add_location --name="{location_name}"
CREATED Location: {location_uid}
# Create a service
$ ./manage add_service --name="{service_name}" --type="{service_type}"
CREATED Service: {service_uid}
# Create an (internal) endpoint for the service at the location
$ ./manage add_endpoint --service="{service_uid}" --location="{location_uid}" --type="{endpoint_type}" url="{endpoint_url}"
CREATED Endpoint: {endpoint_uid}
# Grant a tenant access to the (internal) endpoint
$ ./manage grant_tenant_endpoint --tenant="{tenant_uid}" --endpoint="{endpoint_uid}"
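# Endpoints for a token (the token id travels in the URL path, so it ends up in access and proxy logs; those logs need the same protection as the tokens themselves)
GET /tokens/{token_id}/endpoints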