Spec-ceilometer-user-api


 * Launchpad Entry: CeilometerSpec:user-api
 * Created: 26 Nov 2012
 * Contributors: Doug Hellmann

Summary
We need an API for non-admin users to be able to query their own data. There isn't really any need for the two APIs to be different, if we check permissions in each API call and always include the user's tenant id in a query when the user is not an admin.

User stories

 * As a User, I can query details about my resources
 * As an Admin, I can query details about any resource

Design
All of the API endpoints should check the incoming keystone credentials. If the user is not an admin, the tenant id should be added to the query automatically. If the user is not an admin and they have provided a tenant id in the query spec that does not match their credentials, return a 404.

Admin users should get the behavior the API provides now.
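The check described in this section, sketched as an added example (not code from Ceilometer or from this spec). It assumes the keystone auth middleware has already validated the token and set `X-Tenant-Id` and `X-Roles`; the `admin` role name, the `tenant_id` query key and the function names are hypothetical. It also applies the same scope to a lookup by id, so a resource owned by another tenant is reported the same way as a missing one.

```python
class NotFound(Exception):
    """The API layer would turn this into an HTTP 404."""

ADMIN_ROLE = "admin"  # assumption: the role name that marks an admin

def identity(headers):
    """Return (tenant_id, is_admin) from headers assumed to have been set
    by the keystone auth middleware after it validated the token."""
    roles = {r.strip() for r in headers.get("X-Roles", "").split(",")}
    return headers.get("X-Tenant-Id"), ADMIN_ROLE in roles

def scope_query(headers, query):
    """Return a copy of `query` limited to what the caller may see."""
    tenant_id, is_admin = identity(headers)
    if is_admin:
        return dict(query)              # admins keep the current behavior
    if not tenant_id:
        raise NotFound("no tenant")     # nothing to scope to: fail closed
    requested = query.get("tenant_id")
    if requested is not None and requested != tenant_id:
        raise NotFound("tenant mismatch")   # the 404 from the Design text
    return dict(query, tenant_id=tenant_id)  # filter added automatically

def get_resource(headers, resource_id, store):
    """Lookup by id that applies the same tenant scope as a list query."""
    scoped = scope_query(headers, {})
    resource = store.get(resource_id)
    wanted = scoped.get("tenant_id")
    if resource is None or (wanted and resource["tenant_id"] != wanted):
        raise NotFound(resource_id)     # same answer as an unknown id
    return resource

# Constructed sample data, not taken from a real deployment.
STORE = {"r1": {"tenant_id": "t1"}, "r2": {"tenant_id": "t2"}}
USER = {"X-Tenant-Id": "t1", "X-Roles": "Member"}
ADMIN = {"X-Tenant-Id": "t9", "X-Roles": "Member, admin"}

if __name__ == "__main__":
    print(scope_query(USER, {"meter": "cpu"}))
    print(get_resource(ADMIN, "r2", STORE))
```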

UI Changes
The goal is to keep one set of API endpoints.

Migration
None

Test/Demo Plan
This need not be added or completed until the specification is nearing beta.

Unresolved issues

 * 1) We may have to modify the lookup done by the '/resource/' URL because it does not examine a tenant id right now. What other URLs may have similar issues?
 * 2) Do we need a special role that gives the equivalent behavior without requiring admin privileges, so the billing system clients don't have to be admins?

BoF agenda and discussion
Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.