yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #29036
[Bug 1427878] Re: cannot use v3 token with v2 services
The issue is with configuring Nova. When I edited Nova's conf file so
that authe vesrion was unset, like this:
auth_version=
And restarted all the Nova services, it worked.
** Changed in: keystone
Importance: Critical => Medium
** Also affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1427878
Title:
Nova cannot validate v3 token by default
Status in OpenStack Compute (Nova):
New
Bug description:
Scenario: keystone is enabled for v3 with v3 policy
Create two domains: default domain has service user accounts and projects - user domain is backed by ldap and has plain end user accounts
Configure Horizon to be domain aware - hard code the user domain as the keystone domain to use by default
Configure a user in the user domain to have admin rights over the default domain service project
Can login to Horizon using a user from the user domain
Problem: most operations fail - not authorized - but Identity
operations work fine
I edited keystone/token/providers/common.py - I commented out the line
self._assert_default_domain(token_ref)
in def validate_v2_token(self, token_ref)
I restarted keystone
Now, everything works fine - no errors
Why isn't the service trying to validate the v3 token?
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1427878/+subscriptions
References