Slightly adjusted instructions after testing:
To enable the endpoint filter extension:
1. Add the new [endpoin_ filter] section ton ``keystone.conf``.
example:
[endpoint_filter]
# extension for creating associations between project and endpoints in order to
# provide a tailored catalog for project-scoped token requests.
driver = keystone.contrib.endpoint_filter.backends.sql.EndpointFilter
# return_all_endpoints_if_no_filter = True
optional: change ``return_all_endpoints_if_no_filter`` the
``[endpoint_filter]`` section
2. Add the ``endpoint_filter_extension`` filter to the ``api_v3`` pipeline in
``keystone-paste.ini``.
example:
[filter:endpoint_filter_extension]
paste.filter_factory =
keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory
[pipeline:api_v3]
pipeline = access_log sizelimit url_normalize token_auth admin_token_auth
xml_body json_body ec2_extension s3_extension endpoint_filter_extension
service_v3
3. Create the endpoint filter extension tables if using the provided sql
backend. example::
./bin/keystone-manage db_sync --extension endpoint_filter
4. Once you have done the changes restart the keystone-server to apply the
changes.
> -----Original Message-----
> From: Miller, Mark M (EB SW Cloud - R&D - Corvallis)
> Sent: Tuesday, October 08, 2013 1:30 PM
> To: OpenStack Development Mailing List
> Subject: Re: [openstack-dev] Keystone OS-EP-FILTER descrepancy
>
> Here is the response from Fabio:
>
> Mark,
> Please have a look at the configuration.rst in the contrib/endpoint-filter
> folder.
> I pasted here for your convenience:
>
> ==================================
> Enabling Endpoint Filter Extension
> ==================================To enable the endpoint filter
> extension:
> 1. add the endpoint filter extension catalog driver to the ``[catalog]``
> section
> in ``keystone.conf``. example::
>
> [catalog]
> driver =
> keystone.contrib.endpoint_filter.backends.catalog_sql.EndpointFilterCatalog
> 2. add the ``endpoint_filter_extension`` filter to the ``api_v3`` pipeline in
> ``keystone-paste.ini``. example::
>
> [pipeline:api_v3]
> pipeline = access_log sizelimit url_normalize token_auth
> admin_token_auth xml_body json_body ec2_extension s3_extension
> endpoint_filter_extension service_v3 3. create the endpoint filter extension
> tables if using the provided sql backend. example::
> ./bin/keystone-manage db_sync --extension endpoint_filter 4. optional:
> change ``return_all_endpoints_if_no_filter`` the ``[endpoint_filter]`` section
> in ``keystone.conf`` to return an empty catalog if no associations are
> made.
> example::
> [endpoint_filter]
> return_all_endpoints_if_no_filter = False
>
>
> Steps 1-3 are mandatory. Once you have done the changes restart the
> keystone-server to apply the changes.
>
> The /v3/auth/tokens?nocatalog is to remove the catalog from the token
> creation.
> It is different from the filtering because it won't return any endpoint in the
> service catalog. The endpoint filter will return only the ones that you have
> associated with a particular project.
> Please bear in mind that this works only with scoped token (meaning where
> you pass a project id).
>
>
>
>
>
>
> > -----Original Message-----
> > From: Miller, Mark M (EB SW Cloud - R&D - Corvallis)
> > Sent: Tuesday, October 08, 2013 1:21 PM
> > To: OpenStack Development Mailing List
> > Subject: [openstack-dev] Keystone OS-EP-FILTER descrepancy
> >
> > Hello,
> >
> > I am attempting to test the Havana v3 OS-EP-FILTER extension with the
> > latest RC1 bits and I get a 404 error response.
> >
> > The documentation actually shows 2 different URIs for this API:
> >
> > - GET /OS-EP-FILTER/projects/{project_id}/endpoints and
> > http://identity:35357/v3/OS-FILTER/projects/{project_id}/endpoints
> >
> > I have tried both "OS-EP-FILTER" and "OS-FILTER" with the same result.
> > Does anyone have information as to what I am missing?
> >
> > Regards,
> >
> > Mark Miller
> >
> > -------------
> >
> > From the online documentation:
> >
> > List Associations for Project: GET /OS-EP-
> > FILTER/projects/{project_id}/endpoints
> >
> > Returns all the endpoints that are currently associated with a specific
> project.
> >
> > Response:
> > Status: 200 OK
> > {
> > "endpoints":
> > [
> > {
> > "id": "--endpoint-id--",
> > "interface": "public",
> > "url": "http://identity:35357/";,
> > "region": "north",
> > "links": {
> > "self": "http://identity:35357/v3/endpoints/--endpoint-id--";
> > },
> > "service_id": "--service-id--"
> > },
> > {
> > "id": "--endpoint-id--",
> > "interface": "internal",
> > "region": "south",
> > "url": "http://identity:35357/";,
> > "links": {
> > "self": "http://identity:35357/v3/endpoints/--endpoint-id--";
> > },
> > "service_id": "--service-id--"
> > }
> > ],
> > "links": {
> > "self": "http://identity:35357/v3/OS-
> > FILTER/projects/{project_id}/endpoints",
> > "previous": null,
> > "next": null
> > }
> > }
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev@lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
