Documentation about Openstack Keystone v2/v3 usage

[axel3rd]

See JCLOUDS-1414, documentation about Openstack keystone v2/v3 usage

[jclouds-commentator]

Go to http://44ce6b87f08c84c4a336-587a4214cfc62e403204a0b0eced474e.r98.cf5.rackcdn.com/ to review your changes.

[jclouds-commentator]

Go to http://e8a2320cb8ee7328bc9a-98112aaa434232edc359e0c94cafc2fa.r90.cf5.rackcdn.com/ to review your changes.

[jclouds-commentator]

Go to http://4c17ddefb1e1845a6081-9bb6552a57750bbb30de030b38a1ebcc.r36.cf5.rackcdn.com/ to review your changes.

[jclouds-commentator]

Go to http://d6762342ecf65bd47950-3e336ecb7f68d8dda5e5d435de17b0ef.r3.cf5.rackcdn.com/ to review your changes.

[axel3rd]

Some tries about code & list typo, the last looks fine: Openstack Keystone v2-v3 authentication

[andreaturli]

thanks @axel3rd it is super useful!

I've left some comments mainly on the snippets: please address them and edit the document accordingly, i.e. if you replace Some.class with NovaApi.class make sure you do it all over the places.

Thanks

[andreaturli]

please use jclouds or Apache jclouds

[andreaturli]

provides instead of provide

[andreaturli]

isn't KEYSTONE_VERSION=2 the default?

[axel3rd]

According the Javadoc the default is 3 ; but I have not verified or really measured the impact to not provide this property ...

[andreaturli]

thanks @axel3rd for the quick update

I think from nova code https://github.com/jclouds/jclouds/blob/master/apis/openstack-nova/src/main/java/org/jclouds/openstack/nova/v2_0/NovaApiMetadata.java#L74 the default keystone version is 3 but the extra property would probably not hurt

@demobox @nacx any preference?

[nacx]

I'd leave it here for clarity. Also as we move forward version 2 will be eventually deprecated and removed, so better encourage users to be explicit about the version being used.

[andreaturli]

why new SomeApiMetadata()? wouldn't be clear with something as generic as openstack-nova

[andreaturli]

why Some.class here? I think NovaApi.class is a bit better, as it is now in http://jclouds.apache.org/guides/openstack/#nova, wdyt?

[jclouds-commentator]

Go to http://393f4caa8037a748294f-756fd4e7d22e69a6f0ff4346cb78ae2b.r35.cf5.rackcdn.com/ to review your changes.

[axel3rd]

@andreaturli : Thanks for grammar fix & suggestions. Fixed in Keystone v2-v3 authentication. Except about KeystoneProperties.KEYSTONE_VERSION ... not sure about that.

[andreaturli]

Actually @axel3rd I think we should somehow edit List Servers and Swift: Use Containers paragraphs as well pointing maybe the reader to the authentication section above instead of using

        novaApi = ContextBuilder.newBuilder(provider)
                .endpoint("http://xxx.xxx.xxx.xxx:5000/v2.0/")
                .credentials(identity, credential)
                .modules(modules)
                .buildApi(NovaApi.class);

wdyt?

[axel3rd]

pointing maybe the reader to the authentication section above instead of using

I have hesitate to do that ... but the current snippet explicits how to retrieve an API (nova, swift, ...) even if v2 is deprecated (v3 needs more code).
So keystone considerations was writted before (hoping that user read it before trying sample).

Perhaps a consensus could be to add a comment before ContextBuilder like:

// Please refer to 'Keystone v2-v3 authentication' for complete authentication use case

[nacx]

One minor comment, but it would help readability if you format the generated json auth example.

[jclouds-commentator]

Go to http://ae4404efef77109c76ca-bf5e3651b7ed971bf54720901bab17d5.r49.cf5.rackcdn.com/ to review your changes.

[jclouds-commentator]

Go to http://eb3572d47d95412306ae-9ba5d3580b14e830c75c09652bfd2f59.r53.cf5.rackcdn.com/ to review your changes.

[axel3rd]

Perhaps a consensus could be to add a comment before ContextBuilder like [...]:
One minor comment, but it would help readability if you format the generated json auth example.

Done (without new-line-comma for json, to reduce lines number). Last proposal: Keystone v2-v3 authentication (and following)

[nacx]

Thanks! LGTM.
Since you reference a new keystone property I'd hold this and merge once the changes in Keystone are merged and the new property exists.

[axel3rd]

Since you reference a new keystone property I'd hold this and merge once the changes in Keystone are merged and the new property exists.

Yes ... and perhaps some minor change on properties name in progress ...

[andreaturli]

thanks @axel3rd

[jclouds-commentator]

Go to http://ad99be29f1570e3a80bb-ec8c9f9fa769d9cd6f2ad277a7469fe8.r48.cf5.rackcdn.com/ to review your changes.

[axel3rd]

Yes ... and perhaps some minor change on properties name in progress ...

Done, 1 line changed:

overrides.put(KeystoneProperties.PROJECT_DOMAIN_NAME, "default"); // Since jclouds v2.2.0 (see PROJECT_DOMAIN_ID as complement)

Linked with jclouds#1204.

[nacx]

Changes merged and published to the website. Thanks @axel3rd!

[axel3rd]

@nacx : As a "new feature", I didn't thought it was could be integrated in v2.1.x, I will be attentive to the roadmap because this PR doc is perhaps not true: : Keystone v2-v3 authentication (v3: Project-scoped)

overrides.put(KeystoneProperties.PROJECT_DOMAIN_NAME, "default"); // Since jclouds v2.2.0 (see PROJECT_DOMAIN_ID as complement)

[nacx]

We can change that. As long as the feature does not break backward compat, I see no problem in adding it in the next bugfix release. It will help adoption and facilitate early testing.

[axel3rd]

So very valuable 2 characters PR ^^ : #215

[nacx]

Often these tiny PRs get more review comments and change requests than thousand lines ones! :)

[demobox]

[minor] Quite a few instances of "Openstack" (lowercase s) rather than "OpenStack" here - is that worth cleaning up?

[axel3rd]

In official documentation, "S" is in uppercase. I can do the cleanup in a way or the other, but we should choose :)

[demobox]

[minor] Drop "basically"; just "To login, provide:"?

[demobox]

[minor] "...compatibility between Keystone v2 and v3, but you should keep the following in mind to fully understand authentication against your OpenStack platform:

lots of examples

See also the recent "OpenStack Keystone v3 Support" blog post.

[demobox]

Is there any particular benefit to trying to list the request so exactly here? In my experience, these are the parts of documentation that go stale very quickly.

Can we instead either give the code samples to the user and explain how they can configure logging to see what exactly is being sent (if that is necessary), or describe this a bit more abstractly, e.g. in form of a table?

[axel3rd]

Configure logging to see what exactly is sent is simple (jclouds write the property to set to true and SLF4J in debug).

The (little) difficulty in jclouds authentication usage is the option to configure. It depends mainly of OpenStack platform configuration (v2, v3, domains, ...) ... and some manual REST tries on token endpoint could be required to see what is supported by the platform.

So these snippet are to help the user on jclouds usage when it has found its way of auhentication on OpenStack.

[demobox]

[minor] "section" rather than "chapter"? Also, should this comment perhaps come before the declaration of String identity?

[axel3rd]

@demobox : Thanks for the review. I will do it in a // PR (this one merged) after feedback on my remarks.

[demobox]

I will do it in a // PR (this one merged) after feedback on my remarks.

Thanks for taking a look! I should add that I think most of my comments are minor, and it's also fine to leave things as they are unless we feel there's really a good reason for a follow-up PR.

And thanks for helping improve the jclouds documentation, of course!