yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #29014
[Bug 1427878] [NEW] cannot use v3 token with v2 services
Public bug reported:
Scenario: keystone is enabled for v3 with v3 policy
Create two domains: default domain has service user accounts and projects - user domain is backed by ldap and has plain end user accounts
Configure Horizon to be domain aware - hard code the user domain as the keystone domain to use by default
Configure a user in the user domain to have admin rights over the default domain service project
Can login to Horizon using a user from the user domain
Problem: most operations fail - not authorized - but Identity operations
work fine
I edited keystone/token/providers/common.py - I commented out the line
self._assert_default_domain(token_ref)
in def validate_v2_token(self, token_ref)
I restarted keystone
Now, everything works fine - no errors
Why isn't the service trying to validate the v3 token?
** Affects: keystone
Importance: Undecided
Assignee: Adam Young (ayoung)
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1427878
Title:
cannot use v3 token with v2 services
Status in OpenStack Identity (Keystone):
New
Bug description:
Scenario: keystone is enabled for v3 with v3 policy
Create two domains: default domain has service user accounts and projects - user domain is backed by ldap and has plain end user accounts
Configure Horizon to be domain aware - hard code the user domain as the keystone domain to use by default
Configure a user in the user domain to have admin rights over the default domain service project
Can login to Horizon using a user from the user domain
Problem: most operations fail - not authorized - but Identity
operations work fine
I edited keystone/token/providers/common.py - I commented out the line
self._assert_default_domain(token_ref)
in def validate_v2_token(self, token_ref)
I restarted keystone
Now, everything works fine - no errors
Why isn't the service trying to validate the v3 token?
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1427878/+subscriptions
Follow ups
References