yahoo-eng-team team mailing list archive

[Guang Yee <1275145@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

2014-01-31 15:42:14.656 2631 WARNING keystone.common.wsgi [-] Invalid token in _get_trust_id_for_request
2014-01-31 15:42:14.657 2631 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 127.0.0.1


Reason is we are doing trust lookup on credential creation and that requires a token.

See
https://github.com/openstack/keystone/blob/master/keystone/common/wsgi.py#L300

This won't work with the ADMIN token or customize SSL authorization.

btw, there shouldn't be an explicit linkage of credential with trust.
Trust should be part of auth scope, not the credential itself. This is
like linking user password to a trust.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1275145

Title:
  can't create credential with ADMIN token

Status in OpenStack Identity (Keystone):
  New

Bug description:
  2014-01-31 15:42:14.656 2631 WARNING keystone.common.wsgi [-] Invalid token in _get_trust_id_for_request
  2014-01-31 15:42:14.657 2631 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 127.0.0.1

  
  Reason is we are doing trust lookup on credential creation and that requires a token.

  See
  https://github.com/openstack/keystone/blob/master/keystone/common/wsgi.py#L300

  This won't work with the ADMIN token or customize SSL authorization.

  btw, there shouldn't be an explicit linkage of credential with trust.
  Trust should be part of auth scope, not the credential itself. This is
  like linking user password to a trust.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1275145/+subscriptions