Reviewed: https://review.openstack.org/554727 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=a383867cdb044bf5ea59fbc28afd9beefcb1ee33 Submitter: Zuul Branch: master
commit a383867cdb044bf5ea59fbc28afd9beefcb1ee33 Author: Lance Bragstad <lbrags...@gmail.com> Date: Tue Mar 20 22:52:27 2018 +0000 Add scope documentation for service developers We have a document that attempts to help describe keystone concepts to other OpenStack developers. Now that we've added system scope to keystone, it makes sense to refresh this document and make it more helpful for services. This should help services consume various scopes to protect APIs at various levels (project, domain, system, et cetera). Change-Id: I1a92ed0b6bbba44d1050a857c3609d918bb25b86 Closes-Bug: 1757151 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1757151 Title: Token and scope documentation needs an update Status in OpenStack Identity (keystone): Fix Released Bug description: We have a document in our administrator guide that describes what tokens are, different scope types, and token providers [0]. While this is good information, we could elaborate on it a bit more to make the document even more useful: - Different types of scopes should have examples (e.g. project-scope == instance management) - Remove references to the UUID token provider, which has already been removed - Consider breaking the Authorization Scopes section out of the admin guide and into the user guide (it contains information that would be useful for end users as well as operators) We get comments from developers of other services about how scopes work (See Michael's comment in patch set 8 [1]). I think most people close to the system-scope work understand it because we've been exposed to the problem for so long and are familiar with the implementation. It'd be nice to work a fresh perspective into the Authorization Types document, or even have a separate document that explains the different scopes and how they relate to other services [2]. [0] https://docs.openstack.org/keystone/latest/admin/identity-tokens.html [1] https://review.openstack.org/#/c/523973/ [2] https://docs.openstack.org/keystone/latest/contributor/services.html To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1757151/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp