
yahoo-eng-team team mailing list archive

[Bug 1582376] [NEW] setting user's default_project_id to a domain ID yield HTTP 400 instead of unscoped token

 

Public bug reported:

Per spec, if a user's default_project_id is invalid (i.e. either it is
bogus, disabled, or the user has no roles assigned on it), it should be
ignored at token request. In other words, it should result in an unscoped
token.

With the recent domain-is-project changes, if you accidentally set the
user's default_project_id to a domain_id, you will get an HTTP 400 on
token request.

Steps to reproduce:

1. set the user default_project_id to an existing domain_id
2. on token request, HTTP 400 is returned

$ curl -k -d '{"auth":{"identity": {"methods":["password"],"password":{"user": {"name": "foo","password": "bar","domain":{"id":"default"}}}}}}' -H "Content-type: application/json" http://10.0.2.15:5000/v3/auth/tokens |python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   258  100   101  100   157    229    357 --:--:-- --:--:-- --:--:--   357
{
    "error": {
        "code": 400,
        "message": "object of type 'NoneType' has no len()",
        "title": "Bad Request"
    }
}

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1582376


To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1582376/+subscriptions
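
The fallback the report expects, sketched as an added example (not keystone's code and not part of the original report): every invalid default_project_id is ignored and the token comes back unscoped instead of an error. The Project, Store, default_scope and issue_token names and the sample IDs are hypothetical, and treating a project flagged is_domain as an invalid default is an assumption taken from the expected outcome in the bug title.

```python
# Added illustration with hypothetical names; this is not keystone's implementation.
from dataclasses import dataclass, field


@dataclass
class Project:
    id: str
    enabled: bool = True
    is_domain: bool = False  # a domain stored as a project (domain-is-project)


@dataclass
class Store:
    """Constructed in-memory stand-in for the resource and assignment backends."""
    projects: dict = field(default_factory=dict)
    roles: dict = field(default_factory=dict)  # (user_id, project_id) -> role names


def default_scope(store, user_id, default_project_id):
    """Return the project ID to scope to, or None for an unscoped token."""
    project = store.projects.get(default_project_id) if default_project_id else None
    if project is None:        # unset or bogus ID
        return None
    if not project.enabled:    # disabled project
        return None
    if project.is_domain:      # ID names a domain: the case in this report (assumption)
        return None
    if not store.roles.get((user_id, project.id)):  # no roles assigned
        return None
    return project.id


def issue_token(store, user_id, default_project_id):
    """Build a minimal token body; the 'project' key exists only when scoped."""
    token = {"methods": ["password"], "user": {"id": user_id}}
    scope = default_scope(store, user_id, default_project_id)
    if scope is not None:
        token["project"] = {"id": scope}
    return token


def sample_store():
    """Constructed sample data: one valid project plus each invalid case."""
    projects = [Project("proj-ok"), Project("proj-off", enabled=False),
                Project("proj-noroles"), Project("default", is_domain=True)]
    return Store(projects={p.id: p for p in projects},
                 roles={("u1", "proj-ok"): ["member"],
                        ("u1", "proj-off"): ["member"],
                        ("u1", "default"): ["member"]})
```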

