I've just dropped in place a bunch of developer documentation (RST) for Keystone - one in, one pending (https://review.openstack.org/#change,1089). Making these docs brought up a number of questions that I wasn't able to answer. I want to put more context around the commands and concepts for the reader prior to updating the docbook documentaiton. Joe Savak suggested on IRC that I just drop them out here to the list, so here goes:
If any of these are "just bugs", let me know and I'll file them. Q: Why is an administrative service token bound to a tenant? Right now, keystone-manage to create an administrative service token, the token which in turn is configured into nova, swift, glance, and dashboard, requires a tenant - but as I understand tenant that doesn't make sense - as the various services all serve more than one tenant. Q: How do you remove a service? Q: How do you remove an EndpointTemplate? Q: What's the purpose of a "role" prior to RBAC Is it really just relevant for the Keystone administrative API, but more coming online later with the RBAC work? Does any role based link between a user and a tenant allow that user to get a scoped token for that tenant? Q: How do you remove a role? Q: What's the keystone-manage command for "credential add" do? There's also no corresponding delete or disable - is this password update for the passwords that are set on "keystone-manage user add"? If not, how are those passwords updated? Q: What are "type" and "key" as related to "credential add" command, and what are they intended to do? Q: Why isn't there a "user delete" and a "tenant delete"? Is this a "just haven't gotten to it yet" bug? -joe
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
