Bug 1041944

Summary: [RFE][keystone]: Identity API resources to get lists of users or groups with certain role in project or domain
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: RFEsAssignee: RHOS Maint <rhos-maint>
Status: CLOSED UPSTREAM QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: dyocum, markmc, yeylon
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/keystone/+spec/project-role-lists
Whiteboard: upstream_milestone_none upstream_status_unknown upstream_definition_obsolete
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-19 16:56:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description RHOS Integration 2013-12-12 20:12:44 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/project-role-lists.

Description:

This issue appeared during the work on change https://review.openstack.org/#/c/20476/ triggered by Launchpad issue https://bugs.launchpad.net/python-keystoneclient/+bug/1070544.

Original request was to teach /users to accept GET-arguments "role" and "tenant". Dolph Matthews suggested adding new resources to v3 Identity API instead of adding functionality to existing V2 API resource.

Resources proposed by Dolph Matthews are following:
- List users with role on project:
GET /projects/{project_id}/roles/{role_id}/users

- List groups with roles on project:
GET /projects/{project_id}/roles/{role_id}/groups

- List users with roles on domain:
GET /domains/{domain_id}/roles/{role_id}/users

- List groups with roles on domain:
GET /domains/{domain_id}/roles/{role_id}/groups

This will not fix original problem but v2 API is going to be deprecated but the same request will appear for client working with v3 API and it would be good to remove the obstacle now.

Specification URL (additional information):

None