Yes, this is the real issue. Since /tenants is only valid for the current user (that's X-Auth-Token dependant)
How can an administrator user list all the tenants a user belongs to? Another issue i've detected is that endpoints are always dependant on a service, may be i'm wrong but for me: /service/{service_id}/endpoints is more appropiate than /endpoints Dolph, please correct me Luis On Thu, May 3, 2012 at 10:12 PM, Everett Toews <everett.to...@cybera.ca>wrote: > I get the same as Luis when trying GET /users/{user_id}/roles on > stable/essex (using devstack). Keystone spits back an > > AttributeError: 'UserController' object has no attribute 'get_user_roles' > > message instead of a nice 501. > > GET /tenants/{tenant_id}/users/{user_id}/roles works fine. For a bit more > detail have a look at > > > http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_listRolesForUserOnTenant_v2.0_tenants__tenantId__users__user_id__roles_Admin_API_Service_Developer_Operations-d1e1356.html > > Everett > > > On Thu, May 3, 2012 at 9:34 AM, Dolph Mathews <dolph.math...@gmail.com>wrote: > >> The philosophy in essex is that it's meaningless for a user to have a >> role without that role being applied to a tenant, so the call that's >> implemented is: >> >> GET /tenants/{tenant_id}/users/{user_id}/roles >> >> Calling this instead should get you an HTTP 501 stating "User roles not >> supported: tenant ID required". >> >> GET /users/{user_id}/roles >> >> Also, the term "roleRefs" was deprecated late in the diablo cycle (AFAIK) >> in favor of "roles". >> >> -Dolph >> >> On Wed, May 2, 2012 at 3:44 PM, Luis Gervaso <l...@woorea.es> wrote: >> >>> Hi, >>> >>> In Diablo was: >>> >>> GET /users/{user_id}/roleRefs >>> >>> In Essex it is maintained for compatibility reasons. I understand that >>> this is the obsolete now. >>> >>> I can find: >>> >>> PUT & DELETE /users/{user_id}/roles/OS-KSADM/{role_id} >>> >>> How can get all the roles having a user_id? >>> >>> GET /users/{user_id}/roles (i can't find this on stable/essex) >>> >>> Returning role list with tenant associated >>> >>> Another option that would work for me is: >>> >>> GET /users/{user_id}/tenants >>> >>> Returning tenant list with role list associated per tenant >>> >>> >>> When i GET /user/{user_id} i obtain only this info >>> >>> {"user": {"name": "admin", "enabled": true, "email": "ad...@example.com", >>> "id": "ef1e63df85b641d7bf3c575bb8670cef", "tenantId": null}} >>> >>> Regards >>> >>> -- >>> ------------------------------------------- >>> Luis Alberto Gervaso Martin >>> Woorea Solutions, S.L >>> CEO & CTO >>> mobile: (+34) 627983344 >>> luis@ <luis.gerv...@gmail.com>woorea.es >>> >>> >>> >>> _______________________________________________ >>> Mailing list: https://launchpad.net/~openstack >>> Post to : openstack@lists.launchpad.net >>> Unsubscribe : https://launchpad.net/~openstack >>> More help : https://help.launchpad.net/ListHelp >>> >>> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > -- ------------------------------------------- Luis Alberto Gervaso Martin Woorea Solutions, S.L CEO & CTO mobile: (+34) 627983344 luis@ <luis.gerv...@gmail.com>woorea.es
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp