OpenStack Identity (keystone)

filter endpoints based on scope

Registered by Guang Yee on 2013-03-06

Currently Keystone returns all endpoints in the service catalog, regardless whether users have access to them or not. This is neither necessary nor efficient.
We need to establish project-endpoints relationship so we can effectively assign endpoints to a given project, and be able to filter endpoints returned in the service catalog based on the token scope.

Blueprint information

Status:: Complete

Approver:: None

Priority:: Low

Drafter:: Guang Yee

Direction:: Needs approval

Assignee:: Fabio Giannetti

Definition:: Drafting

Series goal:: Accepted for havana

Implementation:: Implemented

Milestone target:: 2013.2

Started by: Dolph Mathews on 2013-08-06

Completed by: Dolph Mathews on 2013-08-28

Related branches

Related bugs

Sprints

Whiteboard

https://etherpad.openstack.org/havana-endpoint-filtering

I separated the "optional catalog" portion of this blueprint into a new one, please reduce the scope of this blueprint accordingly (see https://blueprints.launchpad.net/keystone/+spec/catalog-optional )

if I understood correctly, the ultimate goal here was to encrypt a token for exclusive consumption by a specific service? so why fuss with superficial changes on the catalog at all?

<gyee> this one is unrelated to the encrypt-token-for-endpoint goal. This BP is aim to reduce the size of the catalog. There's no point of return all endpoints if user have to access to them. One "good" side-effect of this may also solved the PKI token size limit problem as well.

Gerrit topic: https://review.openstack.org/#q,topic:bp/endpoint-filtering,n,z

Addressed by: https://review.openstack.org/33118 (merged)
Project to Endpoint association for catalog filtering

revised as 'slow progress' due to the implementation consistently failing jenkins

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

David Lyle

david

Qiu Yu