← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #47793

[Bug 1555629] [NEW] v3/users reports all users in all domains excepts when domain_specific_drivers_enabled is set to true.

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Hi,

Setting "domain_specific_drivers_enabled=true" in the kesytone.conf,
prevents my calls to "/v3/users" to works when using the admin_token:

    @token="admin_token", @url="http://127.0.0.1:35357/v3

->

    /bin/openstack user list --quiet --format csv --long'
    127.0.0.1 - - [10/Mar/2016:08:15:41 -0500] "GET /v3/users HTTP/1.1" 401 114 "-" "python-keystoneclient"


If I add a domain option to the openstack user list command, I get the
users of the domain (not 401)

If I do a project list it works and returns the complete list of all
projects in all domains:

    Debug: Executing '/bin/openstack project list --quiet --format csv --long'
    127.0.0.1 - - [10/Mar/2016:08:22:00 -0500] "GET /v3/projects HTTP/1.1" 200 471 "-" "python-keystoneclient"
    => [{:id=>"1ff87dbb8e6e45d5b43a49a812fafb88", :name=>"admin", :domain_id=>"default", :description=>"Bootstrap project for initializing the cloud.", :enabled=>"True"},
     {:id=>"60f86c662af248449c1007fbf32ed5af", :name=>"openstackv3", :domain_id=>"463e1bb751374a0586a867a73cb35330", :description=>"admin tenant", :enabled=>"True"},
     {:id=>"746e5e3d02b04d079dfa639ac5d03886", :name=>"services", :domain_id=>"default", :description=>"Tenant for the openstack services", :enabled=>"True"},
     {:id=>"bcf81b0d73b74c85b01e1b15f38be64e", :name=>"openstack", :domain_id=>"default", :description=>"admin tenant", :enabled=>"True"},
     {:id=>"e00959d5ac2545a5a77d137d20e0f9f8", :name=>"servicesv3", :domain_id=>"a43714e50901474eb328daf380ef24ee", :description=>"Tenant for the openstack services", :enabled=>"True"}]
    

If I try the exact same command (without the domain option) with
"domain_specific_drivers_enabled=false" in keystone.conf, I get the
list of users in all domains.

This is rather confusing.  The "401", unauthorized error is confusing.
The discrepancy between user and project behavior is confusing.

So what is the "correct" behavior ?

** Affects: keystone
     Importance: Undecided
         Status: New

** Project changed: horizon => keystone

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1555629

Title:
  v3/users reports all users in all domains excepts when
  domain_specific_drivers_enabled is set to true.

Status in OpenStack Identity (keystone):
  New

Bug description:
  Hi,

  Setting "domain_specific_drivers_enabled=true" in the kesytone.conf,
  prevents my calls to "/v3/users" to works when using the admin_token:

      @token="admin_token", @url="http://127.0.0.1:35357/v3

  ->

      /bin/openstack user list --quiet --format csv --long'
      127.0.0.1 - - [10/Mar/2016:08:15:41 -0500] "GET /v3/users HTTP/1.1" 401 114 "-" "python-keystoneclient"

  
  If I add a domain option to the openstack user list command, I get the
  users of the domain (not 401)

  If I do a project list it works and returns the complete list of all
  projects in all domains:

      Debug: Executing '/bin/openstack project list --quiet --format csv --long'
      127.0.0.1 - - [10/Mar/2016:08:22:00 -0500] "GET /v3/projects HTTP/1.1" 200 471 "-" "python-keystoneclient"
      => [{:id=>"1ff87dbb8e6e45d5b43a49a812fafb88", :name=>"admin", :domain_id=>"default", :description=>"Bootstrap project for initializing the cloud.", :enabled=>"True"},
       {:id=>"60f86c662af248449c1007fbf32ed5af", :name=>"openstackv3", :domain_id=>"463e1bb751374a0586a867a73cb35330", :description=>"admin tenant", :enabled=>"True"},
       {:id=>"746e5e3d02b04d079dfa639ac5d03886", :name=>"services", :domain_id=>"default", :description=>"Tenant for the openstack services", :enabled=>"True"},
       {:id=>"bcf81b0d73b74c85b01e1b15f38be64e", :name=>"openstack", :domain_id=>"default", :description=>"admin tenant", :enabled=>"True"},
       {:id=>"e00959d5ac2545a5a77d137d20e0f9f8", :name=>"servicesv3", :domain_id=>"a43714e50901474eb328daf380ef24ee", :description=>"Tenant for the openstack services", :enabled=>"True"}]
      

  If I try the exact same command (without the domain option) with
  "domain_specific_drivers_enabled=false" in keystone.conf, I get the
  list of users in all domains.

  This is rather confusing.  The "401", unauthorized error is confusing.
  The discrepancy between user and project behavior is confusing.

  So what is the "correct" behavior ?

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1555629/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next