yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #45760
[Bug 1503741] Re: Admin with project-scoped token unable to list of users (got 401 HTTP Code)
Marking as invalid since this should have expired as incomplete long
ago.
** Changed in: keystone
Status: Incomplete => Invalid
** Changed in: keystone
Assignee: Boris Bobrov (bbobrov) => (unassigned)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1503741
Title:
Admin with project-scoped token unable to list of users (got 401 HTTP
Code)
Status in OpenStack Identity (keystone):
Invalid
Bug description:
Steps to reproduce:
1)Get project-scoped token for admin user (using API: http://address:port/v3/auth/tokens) with header "Content-Type: application/json" and body
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {"
"name": "admin",
"domain": { "id": "default" },
"password": "adminpwd"
}
}
},
"scope": {
"project": {
"name": "project_name",
"domain": { "id": "default" }
}
}
}
}
2)Using token from step 1 (from header "X-Subject-Token") get the list
of users (API: http://address:port/v3/users) with headers "Content-
Type: application/json" and "X-Auth-Token: token_from_step_1"
Expected result:
Admin with project-scoped should be able to list users
Actual result:
Admin with project-scoped can't list users - there is 401 HTTP code and following body of response
{
"error": {
"message": "The request you have made requires authentication. (Disable debug mode to suppress these details.)",
"code": 401,
"title": "Unauthorized"
}
}
But admin with domain-scoped can list users.
In policy.json is following rule for list_users: "rule:admin_required"
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1503741/+subscriptions
References
