yahoo-eng-team team mailing list archive

[Bug 1366133] Re: User create via v3 API doesn't add _member_ role in default project

 

As described above, this is by design. Granting authorization in v3 is
more explicit than in v2.

** Changed in: keystone
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1366133

Title:
  User create via v3 API doesn't add _member_ role in default project

Status in OpenStack Identity (Keystone):
  Won't Fix

Bug description:
  There is a discrepancy between creating users via the v2 and v3 APIs,
  which I'm not sure is a bug or by design:

  When creating a user via the v2 API, the _member_ role is added in
  their default project, but when creating via the v3 API, despite
  default_project_id being specified, it is not.

  If possible, I'd like the _member_ role to always be present, as we
  need a default role to delegate via trust for heat, and I'd like to
  move away from using a special heat_stack_owner role as it's confusing
  for users:

  https://review.openstack.org/#/c/119415/

  
  -bash-4.2$ openstack --os-token foobar --os-url=http://127.0.0.1:5000/v3 --os-identity-api-version=3 user create --domain Default --project demo test123456
  +--------------------+---------------------------------------------------------------------------------+
  | Field              | Value                                                                           |
  +--------------------+---------------------------------------------------------------------------------+
  | default_project_id | 19d521c102844134b4c141af967d75fd                                                |
  | domain_id          | default                                                                         |
  | enabled            | True                                                                            |
  | id                 | 479882b84fed407a9bc5a95778aba85e                                                |
  | links              | {u'self': u'http://192.168.0.4:5000/v3/users/479882b84fed407a9bc5a95778aba85e'} |
  | name               | test123456                                                                      |
  +--------------------+---------------------------------------------------------------------------------+
  -bash-4.2$ keystone user-create --tenant demo --name v2test123456
  +----------+----------------------------------+
  | Property |              Value               |
  +----------+----------------------------------+
  |  email   |                                  |
  | enabled  |               True               |
  |    id    | c8d14d95bec24a56b0414b41b94a9e4e |
  |   name   |           v2test123456           |
  | tenantId | 19d521c102844134b4c141af967d75fd |
  | username |           v2test123456           |
  +----------+----------------------------------+
  -bash-4.2$ keystone user-role-list --tenant demo --user test123456

  -bash-4.2$ keystone user-role-list --tenant demo --user v2test123456
  +----------------------------------+----------+----------------------------------+----------------------------------+
  |                id                |   name   |             user_id              |            tenant_id             |
  +----------------------------------+----------+----------------------------------+----------------------------------+
  | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | c8d14d95bec24a56b0414b41b94a9e4e | 19d521c102844134b4c141af967d75fd |
  +----------------------------------+----------+----------------------------------+----------------------------------+

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1366133/+subscriptions
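
Added example, not part of the bug report or of Keystone's own code: because v3 user creation grants no role, this Python check lists users whose default_project_id has no project-scoped role assignment and builds the explicit grant for each. The input dicts are constructed samples shaped like GET /v3/users and GET /v3/role_assignments responses, reusing IDs from the session above; the function names are hypothetical.

```python
# Constructed sample data shaped like Keystone v3 API responses
# (GET /v3/users and GET /v3/role_assignments); IDs reuse the session above.
PROJECT = "19d521c102844134b4c141af967d75fd"
USERS = {"users": [
    {"id": "479882b84fed407a9bc5a95778aba85e", "name": "test123456",
     "default_project_id": PROJECT},
    {"id": "c8d14d95bec24a56b0414b41b94a9e4e", "name": "v2test123456",
     "default_project_id": PROJECT},
    {"id": "constructed-user-id", "name": "nodefault"},  # no default project
]}
MEMBER = {"id": "9fe2ff9ee4384b1894a90878d3e92bab"}
ASSIGNMENTS = {"role_assignments": [
    {"role": MEMBER, "user": {"id": "c8d14d95bec24a56b0414b41b94a9e4e"},
     "scope": {"project": {"id": PROJECT}}},
    # Constructed: a domain-scoped grant is not a role on the project itself.
    {"role": MEMBER, "user": {"id": "479882b84fed407a9bc5a95778aba85e"},
     "scope": {"domain": {"id": "default"}}},
]}


def users_without_default_project_role(users, assignments):
    """Return (user_id, name, project_id) for users with no direct
    project-scoped role on their default project."""
    granted = set()
    for a in assignments.get("role_assignments", []):
        user = a.get("user")            # group assignments have no "user" key
        project = a.get("scope", {}).get("project")
        if user and project:
            granted.add((user["id"], project["id"]))
    missing = []
    for u in users.get("users", []):
        project_id = u.get("default_project_id")
        if project_id and (u["id"], project_id) not in granted:
            missing.append((u["id"], u["name"], project_id))
    return missing


def grant_commands(missing, role="_member_"):
    """Build the explicit v3 grant for each finding (nothing is executed)."""
    return ["openstack role add --project %s --user %s %s" % (p, uid, role)
            for uid, _name, p in missing]


if __name__ == "__main__":
    for cmd in grant_commands(
            users_without_default_project_role(USERS, ASSIGNMENTS)):
        print(cmd)
```

Group-based and inherited assignments are not considered here, so treat each finding as a candidate to confirm before granting.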

