yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #09295
[Bug 1276244] [NEW] v2 default domain not respected via admin endpoint
Public bug reported:
So I'm not sure if this is a bug or a feature I just don't want, but it
seems that requesting a tenant list via the v2.0 API via the admin
endpoint doesn't respect the "default" domain, so you see projects for
all domains:
[shardy@localhost ~]$ keystone --os-token f3aaf1597ad546f3a71dd7fd71c2af47 --os-endpoint http://127.0.0.1:5000/v2.0 tenant-list
+----------------------------------+-------+---------+
| id | name | enabled |
+----------------------------------+-------+---------+
| 20aedb59aeb247b1a5ec7332843ab092 | admin | True |
| b5d498f9631244b59912ce2a0025cf8d | demo | True |
+----------------------------------+-------+---------+
[shardy@localhost ~]$ keystone --os-token f3aaf1597ad546f3a71dd7fd71c2af47 --os-endpoint http://127.0.0.1:35357/v2.0 tenant-list
+----------------------------------+---------------------+---------+
| id | name | enabled |
+----------------------------------+---------------------+---------+
| 20aedb59aeb247b1a5ec7332843ab092 | admin | True |
| 620f89a53d35496493a7041bbd874568 | alt_demo | True |
| b5d498f9631244b59912ce2a0025cf8d | demo | True |
| b5caca84c0db4527a4d51200e9abdece | invisible_to_admin | True |
| cbbffb57ff0149f1b834898ea359c9e9 | notdefault11601 | True |
| be4cd31a14ab4ca9bdd93ed23c383f8c | notindefaultdomain | True |
| 2752427c70784ed696482dbf2420f8ac | notindefaultdomain2 | True |
| c8d527072b284247bd05441583eb0751 | notindefaultdomain3 | True |
| f7d52276b01c4931986000913a23deff | service | True |
+----------------------------------+---------------------+---------+
This is particularly confusing when combined with the magic properties
of keystoneclient's --os-tenant-name option, which means that if you
specify the admin tenant (openrc admin admin), then it selects the admin
endpoint:
[shardy@localhost ~]$ keystone --os-username admin --os-password foobar --os-auth-url http://127.0.0.1:5000/v2.0 tenant-list
+----------------------------------+-------+---------+
| id | name | enabled |
+----------------------------------+-------+---------+
| 20aedb59aeb247b1a5ec7332843ab092 | admin | True |
| b5d498f9631244b59912ce2a0025cf8d | demo | True |
+----------------------------------+-------+---------+
[shardy@localhost ~]$ keystone --os-tenant-name admin --os-username admin --os-password foobar --os-auth-url http://127.0.0.1:5000/v2.0 tenant-list
+----------------------------------+---------------------+---------+
| id | name | enabled |
+----------------------------------+---------------------+---------+
| 20aedb59aeb247b1a5ec7332843ab092 | admin | True |
| 620f89a53d35496493a7041bbd874568 | alt_demo | True |
| b5d498f9631244b59912ce2a0025cf8d | demo | True |
| b5caca84c0db4527a4d51200e9abdece | invisible_to_admin | True |
| cbbffb57ff0149f1b834898ea359c9e9 | notdefault11601 | True |
| be4cd31a14ab4ca9bdd93ed23c383f8c | notindefaultdomain | True |
| 2752427c70784ed696482dbf2420f8ac | notindefaultdomain2 | True |
| c8d527072b284247bd05441583eb0751 | notindefaultdomain3 | True |
| f7d52276b01c4931986000913a23deff | service | True |
+----------------------------------+---------------------+---------+
Can anyone clarify if this is working as designed or a bug?
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1276244
Title:
v2 default domain not respected via admin endpoint
Status in OpenStack Identity (Keystone):
New
Bug description:
So I'm not sure if this is a bug or a feature I just don't want, but
it seems that requesting a tenant list via the v2.0 API via the admin
endpoint doesn't respect the "default" domain, so you see projects for
all domains:
[shardy@localhost ~]$ keystone --os-token f3aaf1597ad546f3a71dd7fd71c2af47 --os-endpoint http://127.0.0.1:5000/v2.0 tenant-list
+----------------------------------+-------+---------+
| id | name | enabled |
+----------------------------------+-------+---------+
| 20aedb59aeb247b1a5ec7332843ab092 | admin | True |
| b5d498f9631244b59912ce2a0025cf8d | demo | True |
+----------------------------------+-------+---------+
[shardy@localhost ~]$ keystone --os-token f3aaf1597ad546f3a71dd7fd71c2af47 --os-endpoint http://127.0.0.1:35357/v2.0 tenant-list
+----------------------------------+---------------------+---------+
| id | name | enabled |
+----------------------------------+---------------------+---------+
| 20aedb59aeb247b1a5ec7332843ab092 | admin | True |
| 620f89a53d35496493a7041bbd874568 | alt_demo | True |
| b5d498f9631244b59912ce2a0025cf8d | demo | True |
| b5caca84c0db4527a4d51200e9abdece | invisible_to_admin | True |
| cbbffb57ff0149f1b834898ea359c9e9 | notdefault11601 | True |
| be4cd31a14ab4ca9bdd93ed23c383f8c | notindefaultdomain | True |
| 2752427c70784ed696482dbf2420f8ac | notindefaultdomain2 | True |
| c8d527072b284247bd05441583eb0751 | notindefaultdomain3 | True |
| f7d52276b01c4931986000913a23deff | service | True |
+----------------------------------+---------------------+---------+
This is particularly confusing when combined with the magic properties
of keystoneclient's --os-tenant-name option, which means that if you
specify the admin tenant (openrc admin admin), then it selects the
admin endpoint:
[shardy@localhost ~]$ keystone --os-username admin --os-password foobar --os-auth-url http://127.0.0.1:5000/v2.0 tenant-list
+----------------------------------+-------+---------+
| id | name | enabled |
+----------------------------------+-------+---------+
| 20aedb59aeb247b1a5ec7332843ab092 | admin | True |
| b5d498f9631244b59912ce2a0025cf8d | demo | True |
+----------------------------------+-------+---------+
[shardy@localhost ~]$ keystone --os-tenant-name admin --os-username admin --os-password foobar --os-auth-url http://127.0.0.1:5000/v2.0 tenant-list
+----------------------------------+---------------------+---------+
| id | name | enabled |
+----------------------------------+---------------------+---------+
| 20aedb59aeb247b1a5ec7332843ab092 | admin | True |
| 620f89a53d35496493a7041bbd874568 | alt_demo | True |
| b5d498f9631244b59912ce2a0025cf8d | demo | True |
| b5caca84c0db4527a4d51200e9abdece | invisible_to_admin | True |
| cbbffb57ff0149f1b834898ea359c9e9 | notdefault11601 | True |
| be4cd31a14ab4ca9bdd93ed23c383f8c | notindefaultdomain | True |
| 2752427c70784ed696482dbf2420f8ac | notindefaultdomain2 | True |
| c8d527072b284247bd05441583eb0751 | notindefaultdomain3 | True |
| f7d52276b01c4931986000913a23deff | service | True |
+----------------------------------+---------------------+---------+
Can anyone clarify if this is working as designed or a bug?
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1276244/+subscriptions
Follow ups
References