Re: [Openstack] Keystone: is revoke token API "officially" supported

[Jorge Williams]

Okay just to make things clear...

Totally agree with everything you said.  I don't think we should just put the 
functionality in core.  The safest thing to do is to put it in a separate 
extension rather than modifying the existing management extension.   The safest 
thing to do is also to move the functionality to a separate URI space as well.  
If you do all of this you will have no chance  of breaking clients or of 
running into future conflicts.

I'm glad to see you protecting the contract :-)

Having said all of that.  This *particular* change is not likely to break folks 
because it introduces new functionality rather than changing existing 
functionality and I don't think that conflicts with DELETE token are very 
likely.

-jOrGe W.


On Jan 26, 2012, at 5:29 PM, Ziad Sawalha wrote:

A) It sounds like yore making an assumption about what the type of client is. 
Some clients use WADL to generate stubs or validate contracts. Consider clients 
like JAX-RS/CXF clients? If you change the WADL, you've changed the contract. 
Like I said, I think this would be an edge case, but a key reason we offer API 
contracts is to allow for predictability from the client side. You break that 
is you change then contract.

B) No, the HTTP call would not change. An alternative would be for us to add 
this to OS-KSVALIDATE which we just shipped. The call would then be:

DELETE /OS-KSVALIDATE/token
X-Auth_token: …
X-Subject-Token: {token_id}


From: Dolph Mathews <dolph.math...@gmail.com<mailto:dolph.math...@gmail.com>>
Date: Thu, 26 Jan 2012 17:17:12 -0600
To: Ziad Sawalha <ziad.sawa...@rackspace.com<mailto:ziad.sawa...@rackspace.com>>
Cc: Jorge Williams 
<jorge.willi...@rackspace.com<mailto:jorge.willi...@rackspace.com>>, Dolph 
Mathews <dolph.math...@gmail.com<mailto:dolph.math...@gmail.com>>, "Yee, Guang" 
<guang....@hp.com<mailto:guang....@hp.com>>, 
"openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>(openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>)"
 <openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>>
Subject: Re: [Openstack] Keystone: is revoke token API "officially" supported

A) This wasn't documented at all (AFAIK), so there's no concern of breaking 
contracts.

B) Even if it's moved to an extension, would the call change from it's current 
form?:

    DELETE /tokens/{token_id}

I'm not sure what the extension convention is here.

-Dolph Mathews

On Jan 26, 2012, at 4:39 PM, Ziad Sawalha 
<ziad.sawa...@rackspace.com<mailto:ziad.sawa...@rackspace.com>> wrote:

If a client has bound to the contract XSD, they will break if we add this, 
won't they?

But… I don't know how many clients would have bound to the OS-KSADM contracts. 
We've been diligent and strict about not changing the core contract, but this 
is the first time we've been presented with a change to an extension like this.

I'd still lean towards the "correct" practice of adding this as another 
extension. Especially since that extension would only be adding a new method on 
an existing resource, so would not require complex naming changes…

Open to alternative points of view..

Z


From: Jorge Williams 
<jorge.willi...@rackspace.com<mailto:jorge.willi...@rackspace.com>>
Date: Thu, 26 Jan 2012 13:36:13 -0600
To: Dolph Mathews <dolph.math...@gmail.com<mailto:dolph.math...@gmail.com>>
Cc: "Yee, Guang" <guang....@hp.com<mailto:guang....@hp.com>>, 
"openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net> 
(openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>)" 
<openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>>, Ziad 
Sawalha <ziad.sawa...@rackspace.com<mailto:ziad.sawa...@rackspace.com>>
Subject: Re: [Openstack] Keystone: is revoke token API "officially" supported

Moving it to an extension makes sense to me.  Ziad, does it make sense to add 
it to OS-KSADM...or is this a different extension all together...revoke token 
extension?

-jOrGe W.

On Jan 26, 2012, at 11:43 AM, Dolph Mathews wrote:

It is definitely not a documented call (hence the "should this be removed?" 
comment in the implementation); if it were to be "promoted" from undocumented 
to an extension, I imagine it would belong in OS-KSADM.

- Dolph

On Thu, Jan 26, 2012 at 10:51 AM, Yee, Guang 
<guang....@hp.com<mailto:guang....@hp.com>> wrote:
I see it implemented in the code as

DELETE /v2.0/tokens/{tokenId}

But it doesn’t appear to be documented in any of the WADLs.


Thanks!

Guang


_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : 
openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp


_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : 
openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp



_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp