Jump to: navigation, search

Spec-ceilometer-user-api

Revision as of 01:36, 27 November 2012 by Doug (talk)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
  • Launchpad Entry: CeilometerSpec:user-api
  • Created: 26 Nov 2012
  • Contributors: Doug Hellmann

Summary

We need an API for non-admin users to be able to query their own data. There isn't really any need for the two APIs to be different, if we check permissions in each API call and always include the user's tenant id in a query when the user is not an admin.

Release Note

Rationale

User stories

  • As a User, I can query details about my resources
  • As an Admin, I can query details about any resource

Assumptions

Design

All of the API endpoints should check the incoming keystone credentials. If the user is not an admin, the tenant id should be added to the query automatically. If the user is not an admin and they have provided a tenant id in the query spec that does not match their credentials, return a 404.

Admin users should get the behavior the API provides now.

Implementation

UI Changes

The goal is to keep one set of API endpoints.

Code Changes

Migration

None

Test/Demo Plan

This need not be added or completed until the specification is nearing beta.

Unresolved issues

1. We may have modify the lookup done by the '/resource/<resource-id>' URL because it does not examine a tenant id right now. What other URLs may have similar issues? 2. Do we need a special role that gives the equivalent behavior without requiring admin privileges, so the billing system clients don't have to be admins?

BoF agenda and discussion

Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.

Retrieved from "https://wiki.openstack.org/w/index.php?title=Spec-ceilometer-user-api&oldid=11981"