yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #46529
[Bug 1479578] Re: Domain-specific config breaks some ops
Reviewed: https://review.openstack.org/282080
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c73a81e61d059f4ab9e9cc29bad5528e1459444b
Submitter: Jenkins
Branch: master
commit c73a81e61d059f4ab9e9cc29bad5528e1459444b
Author: Matthew Edmonds <edmondsw@xxxxxxxxxx>
Date: Thu Feb 18 17:02:09 2016 -0500
Allow user list without specifying domain
With a single domain environment, users can be listed without
specifying a domain. When moving to a multiple domain environment,
this remains true for domain-scoped tokens but not for project-scoped
tokens. Project-scoped tokens currently only work if the domain_id
query parameter is specified. This has been a source of pain to many
users, and is unnecessary. Just as the desired domain is assumed to be
that to which the token is scoped when the token is domain-scoped,
keystone can assume the desired domain is that of the project's domain
when the token is project-scoped.
Change-Id: I1d06935c06661109a523c5b4547ff01f23235a89
Closes-Bug: 1479578
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1479578
Title:
Domain-specific config breaks some ops
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
I set up a multi-domain config on my devstack and tried to do a
simple:
$ openstack user list
with project-scoped environment variables (in fact I downloaded the
admin-openrc.sh from Horizon).
This results in:
ERROR: openstack The request you have made requires authentication.
(Disable debug mode to suppress these details.) (HTTP 401) (Request-
ID: req-b687e823-9896-4905-83d3-b1e45fa966ed)
If I disable domain-specific configs in the keystone.conf, it works
again.
If it *is* enabled, I can force a domain-specific request using
something like:
$ OS_TENANT_ID= OS_TENANT_NAME= OS_PROJECT_NAME= openstack --os-
domain-name <name> user list
However if I specify the default domain then I get this:
ERROR: openstack User 0fa9633d884a42448bbd386778ca6b87 has no access
to domain default (Disable debug mode to suppress these details.)
(HTTP 401) (Request-ID: req-65e053e4-33c2-4b7b-aedf-30d3ef88735c)
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1479578/+subscriptions
References