yahoo-eng-team team mailing list archive

[Bug 1527729] Re: update keystone API - x-subject-token is required for head/delete/get /auth/tokens

 

** Also affects: openstack-api-site
   Importance: Undecided
       Status: New

** Changed in: keystone
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1527729

Title:
  update keystone API - x-subject-token is required for head/delete/get
  /auth/tokens

Status in OpenStack Identity (keystone):
  Invalid
Status in openstack-api-site:
  In Progress

Bug description:
  Context : It may be a documentation "bug", but currently the
  documentation is explicit about what's optional or not...and this is
  the behaviour observed on devstack right now

  Impact : After retrieving a scoped token with keystone v3 API on devstack, an HTTP GET with v3/auth/tokens (which is supposed to validate / give info on the token) returns a 404 "Could not find token" if you don't specify an X-Subject-Token detail.
  It is marked as optional in the keystone v3 documentation...

  Concerned documentation :
  http://developer.openstack.org/api-ref-identity-v3.html#validateToken

  Steps to reproduce :
  1- Get your devstack running (obviously)

  2- ask for a v3 scoped token
  curl -i http://<YOURDEVSTACKIP>:5000/v3/auth/tokens -X POST -H "Content-Type: application/json" -H "Accept: application/json" -d '{"auth" : {"identity" : {"methods" : ["password"], "password" : { "user" : { "name" : "admin","domain": {"name": "Default"},"password" : "password" } } }, "scope": {"project": {"name": "admin","domain": {"name": "Default"} } } } }'

  3- note down the token received on the answer's HTTP response in the X-Subject-Token field :
  X-Subject-Token: 41fd4e3ab0d14d37bbcc89730871bffd

  4- use that same token inside your HTTP GET header to retrieve info / validation on it :
  curl -i http://<YOURDEVSTACKIP>:5000/v3/auth/tokens -X GET -H "X-Auth-Token: 41fd4e3ab0d14d37bbcc89730871bffd" -H "Accept: application/json"

  Sad Panda

  5- now add the "X-Subject-Token" field with the same token :
  curl -i http://10.211.55.3:5000/v3/auth/tokens -X GET -H "X-Auth-Token: 41fd4e3ab0d14d37bbcc89730871bffd" -H "X-Subject-Token: 41fd4e3ab0d14d37bbcc89730871bffd" -H "Accept: application/json"

  6- Profit - happy panda

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1527729/+subscriptions
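
The reproduction steps above, scripted as an added example that is not part of the original bug report or of keystone: one function pulls the X-Subject-Token out of a raw `curl -i` response, the other issues the GET with both headers set. The function names, the KEYSTONE_URL variable and the sample response are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; KEYSTONE_URL and the function names are assumptions.

# Constructed sample of `curl -i` output from step 2 (header lines end in CRLF).
SAMPLE_RESPONSE=$(printf 'HTTP/1.1 201 Created\r\nx-subject-token: 41fd4e3ab0d14d37bbcc89730871bffd\r\nContent-Type: application/json\r\n\r\n{"token": {}}\r\n')

# Read a raw HTTP response on stdin and print the X-Subject-Token value.
# Header names are case-insensitive, and the trailing CR must be stripped
# or it ends up inside the header value of the follow-up request.
extract_subject_token() {
    tr -d '\r' | awk '
        /^$/ { exit }                          # blank line: end of headers
        tolower($0) ~ /^x-subject-token:/ {
            sub(/^[^:]*:[ \t]*/, "")           # drop the header name
            print
            exit
        }'
}

# Steps 4 and 5: X-Auth-Token authenticates the caller, X-Subject-Token
# names the token to validate. With one argument the token validates itself.
# Prints the HTTP status code of the response.
validate_token() {
    auth_token=$1
    subject_token=${2:-$1}
    curl -s -o /dev/null -w '%{http_code}\n' \
        "${KEYSTONE_URL:?set KEYSTONE_URL first}/v3/auth/tokens" \
        -X GET \
        -H "X-Auth-Token: ${auth_token}" \
        -H "X-Subject-Token: ${subject_token}" \
        -H "Accept: application/json"
}
```

With KEYSTONE_URL pointing at the devstack endpoint, `validate_token "$(curl -si ... | extract_subject_token)"` covers steps 3 to 5 in one call.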