← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #09295

[Bug 1276244] [NEW] v2 default domain not respected via admin endpoint

  Thread PreviousDate PreviousThread Next 
Public bug reported:

So I'm not sure if this is a bug or a feature I just don't want, but it
seems that requesting a tenant list via the v2.0 API via the admin
endpoint doesn't respect the "default" domain, so you see projects for
all domains:

[shardy@localhost ~]$ keystone --os-token f3aaf1597ad546f3a71dd7fd71c2af47 --os-endpoint http://127.0.0.1:5000/v2.0     tenant-list
+----------------------------------+-------+---------+
|                id                |  name | enabled |
+----------------------------------+-------+---------+
| 20aedb59aeb247b1a5ec7332843ab092 | admin |   True  |
| b5d498f9631244b59912ce2a0025cf8d |  demo |   True  |

+----------------------------------+-------+---------+
[shardy@localhost ~]$ keystone --os-token f3aaf1597ad546f3a71dd7fd71c2af47 --os-endpoint http://127.0.0.1:35357/v2.0 tenant-list
+----------------------------------+---------------------+---------+
|                id                |         name        | enabled |
+----------------------------------+---------------------+---------+
| 20aedb59aeb247b1a5ec7332843ab092 |        admin        |   True  |
| 620f89a53d35496493a7041bbd874568 |       alt_demo      |   True  |
| b5d498f9631244b59912ce2a0025cf8d |         demo        |   True  |
| b5caca84c0db4527a4d51200e9abdece |  invisible_to_admin |   True  |
| cbbffb57ff0149f1b834898ea359c9e9 |   notdefault11601   |   True  |
| be4cd31a14ab4ca9bdd93ed23c383f8c |  notindefaultdomain |   True  |
| 2752427c70784ed696482dbf2420f8ac | notindefaultdomain2 |   True  |
| c8d527072b284247bd05441583eb0751 | notindefaultdomain3 |   True  |
| f7d52276b01c4931986000913a23deff |       service       |   True  |
+----------------------------------+---------------------+---------+

This is particularly confusing when combined with the magic properties
of keystoneclient's --os-tenant-name option, which means that if you
specify the admin tenant (openrc admin admin), then it selects the admin
endpoint:

[shardy@localhost ~]$ keystone --os-username admin --os-password foobar --os-auth-url http://127.0.0.1:5000/v2.0 tenant-list
+----------------------------------+-------+---------+
|                id                |  name | enabled |
+----------------------------------+-------+---------+
| 20aedb59aeb247b1a5ec7332843ab092 | admin |   True  |
| b5d498f9631244b59912ce2a0025cf8d |  demo |   True  |
+----------------------------------+-------+---------+
[shardy@localhost ~]$ keystone --os-tenant-name admin --os-username admin --os-password foobar --os-auth-url http://127.0.0.1:5000/v2.0 tenant-list
+----------------------------------+---------------------+---------+
|                id                |         name        | enabled |
+----------------------------------+---------------------+---------+
| 20aedb59aeb247b1a5ec7332843ab092 |        admin        |   True  |
| 620f89a53d35496493a7041bbd874568 |       alt_demo      |   True  |
| b5d498f9631244b59912ce2a0025cf8d |         demo        |   True  |
| b5caca84c0db4527a4d51200e9abdece |  invisible_to_admin |   True  |
| cbbffb57ff0149f1b834898ea359c9e9 |   notdefault11601   |   True  |
| be4cd31a14ab4ca9bdd93ed23c383f8c |  notindefaultdomain |   True  |
| 2752427c70784ed696482dbf2420f8ac | notindefaultdomain2 |   True  |
| c8d527072b284247bd05441583eb0751 | notindefaultdomain3 |   True  |
| f7d52276b01c4931986000913a23deff |       service       |   True  |
+----------------------------------+---------------------+---------+


Can anyone clarify if this is working as designed or a bug?

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1276244

Title:
  v2 default domain not respected via admin endpoint

Status in OpenStack Identity (Keystone):
  New

Bug description:
  So I'm not sure if this is a bug or a feature I just don't want, but
  it seems that requesting a tenant list via the v2.0 API via the admin
  endpoint doesn't respect the "default" domain, so you see projects for
  all domains:

  [shardy@localhost ~]$ keystone --os-token f3aaf1597ad546f3a71dd7fd71c2af47 --os-endpoint http://127.0.0.1:5000/v2.0     tenant-list
  +----------------------------------+-------+---------+
  |                id                |  name | enabled |
  +----------------------------------+-------+---------+
  | 20aedb59aeb247b1a5ec7332843ab092 | admin |   True  |
  | b5d498f9631244b59912ce2a0025cf8d |  demo |   True  |

  +----------------------------------+-------+---------+
  [shardy@localhost ~]$ keystone --os-token f3aaf1597ad546f3a71dd7fd71c2af47 --os-endpoint http://127.0.0.1:35357/v2.0 tenant-list
  +----------------------------------+---------------------+---------+
  |                id                |         name        | enabled |
  +----------------------------------+---------------------+---------+
  | 20aedb59aeb247b1a5ec7332843ab092 |        admin        |   True  |
  | 620f89a53d35496493a7041bbd874568 |       alt_demo      |   True  |
  | b5d498f9631244b59912ce2a0025cf8d |         demo        |   True  |
  | b5caca84c0db4527a4d51200e9abdece |  invisible_to_admin |   True  |
  | cbbffb57ff0149f1b834898ea359c9e9 |   notdefault11601   |   True  |
  | be4cd31a14ab4ca9bdd93ed23c383f8c |  notindefaultdomain |   True  |
  | 2752427c70784ed696482dbf2420f8ac | notindefaultdomain2 |   True  |
  | c8d527072b284247bd05441583eb0751 | notindefaultdomain3 |   True  |
  | f7d52276b01c4931986000913a23deff |       service       |   True  |
  +----------------------------------+---------------------+---------+

  This is particularly confusing when combined with the magic properties
  of keystoneclient's --os-tenant-name option, which means that if you
  specify the admin tenant (openrc admin admin), then it selects the
  admin endpoint:

  [shardy@localhost ~]$ keystone --os-username admin --os-password foobar --os-auth-url http://127.0.0.1:5000/v2.0 tenant-list
  +----------------------------------+-------+---------+
  |                id                |  name | enabled |
  +----------------------------------+-------+---------+
  | 20aedb59aeb247b1a5ec7332843ab092 | admin |   True  |
  | b5d498f9631244b59912ce2a0025cf8d |  demo |   True  |
  +----------------------------------+-------+---------+
  [shardy@localhost ~]$ keystone --os-tenant-name admin --os-username admin --os-password foobar --os-auth-url http://127.0.0.1:5000/v2.0 tenant-list
  +----------------------------------+---------------------+---------+
  |                id                |         name        | enabled |
  +----------------------------------+---------------------+---------+
  | 20aedb59aeb247b1a5ec7332843ab092 |        admin        |   True  |
  | 620f89a53d35496493a7041bbd874568 |       alt_demo      |   True  |
  | b5d498f9631244b59912ce2a0025cf8d |         demo        |   True  |
  | b5caca84c0db4527a4d51200e9abdece |  invisible_to_admin |   True  |
  | cbbffb57ff0149f1b834898ea359c9e9 |   notdefault11601   |   True  |
  | be4cd31a14ab4ca9bdd93ed23c383f8c |  notindefaultdomain |   True  |
  | 2752427c70784ed696482dbf2420f8ac | notindefaultdomain2 |   True  |
  | c8d527072b284247bd05441583eb0751 | notindefaultdomain3 |   True  |
  | f7d52276b01c4931986000913a23deff |       service       |   True  |
  +----------------------------------+---------------------+---------+

  
  Can anyone clarify if this is working as designed or a bug?

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1276244/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next