
Difference between revisions of "Spec-ceilometer-user-api"

 
(fix list markup)
Line 43: Line 43:
 
== Unresolved issues ==
 
== Unresolved issues ==
  
1. We may have modify the lookup done by the '/resource/<resource-id>' URL because it does not examine a tenant id right now.  What other URLs may have similar issues?
+
# We may have modify the lookup done by the '/resource/<resource-id>' URL because it does not examine a tenant id right now.  What other URLs may have similar issues?
2. Do we need a special role that gives the equivalent behavior without requiring admin privileges, so the billing system clients don't have to be admins?
+
# Do we need a special role that gives the equivalent behavior without requiring admin privileges, so the billing system clients don't have to be admins?
  
 
== BoF agenda and discussion ==
 
== BoF agenda and discussion ==
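
Review bot: The rewritten first list item (the "+" line beginning "# We may have modify the lookup") carries over the missing word from the line it replaces. Since the line is being touched anyway, change it to "We may have to modify the lookup". The move from hand-numbered "1."/"2." to "#" is applied consistently to both items.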

Revision as of 01:36, 27 November 2012

  • Launchpad Entry: CeilometerSpec:user-api
  • Created: 26 Nov 2012
  • Contributors: Doug Hellmann

Summary

We need an API for non-admin users to be able to query their own data. There isn't really any need for the two APIs to be different, if we check permissions in each API call and always include the user's tenant id in a query when the user is not an admin.

Release Note

Rationale

User stories

  • As a User, I can query details about my resources
  • As an Admin, I can query details about any resource

Assumptions

Design

All of the API endpoints should check the incoming Keystone credentials. If the user is not an admin, the tenant id should be added to the query automatically. If the user is not an admin and they have provided a tenant id in the query spec that does not match their credentials, return a 404.

Admin users should get the behavior the API provides now.
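
One way to express these rules in code, as an added example that is not part of the spec or of Ceilometer's code base. The names Credentials, scope_query, get_resource and NotFound, the "admin" role string and the sample records are assumptions. The by-id lookup extends the same check to the '/resource/<resource-id>' case and assumes a tenant mismatch there is answered like a missing id.

```python
from dataclasses import dataclass


class NotFound(Exception):
    """Mapped to HTTP 404 by the API layer."""


@dataclass(frozen=True)
class Credentials:
    """Caller identity, assumed already validated against Keystone."""
    tenant_id: str
    roles: frozenset

    @property
    def is_admin(self):
        return "admin" in self.roles  # role name is an assumption


def scope_query(creds, query):
    """Return a copy of query limited to what creds may see."""
    scoped = dict(query)
    if creds.is_admin:
        return scoped  # admins keep the existing behaviour
    requested = scoped.get("tenant_id")
    if requested is not None and requested != creds.tenant_id:
        raise NotFound("tenant")  # mismatch: 404, per the design
    scoped["tenant_id"] = creds.tenant_id  # always added for non-admins
    return scoped


def get_resource(creds, resource_id, store):
    """By-id lookup that also examines the tenant id."""
    resource = store.get(resource_id)
    if resource is None:
        raise NotFound(resource_id)
    if not creds.is_admin and resource["tenant_id"] != creds.tenant_id:
        # Assumption: answer exactly as for a missing id
        raise NotFound(resource_id)
    return resource


# Constructed sample data, not real Ceilometer records.
RESOURCES = {
    "res-a1": {"tenant_id": "tenant-a", "meter": "instance"},
    "res-b1": {"tenant_id": "tenant-b", "meter": "instance"},
}
```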

Implementation

UI Changes

The goal is to keep one set of API endpoints.

Code Changes

Migration

None

Test/Demo Plan

This need not be added or completed until the specification is nearing beta.

Unresolved issues

  1. We may have to modify the lookup done by the '/resource/<resource-id>' URL because it does not examine a tenant id right now. What other URLs may have similar issues?
  2. Do we need a special role that gives the equivalent behavior without requiring admin privileges, so the billing system clients don't have to be admins?

BoF agenda and discussion

Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.