yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1555629] Re: v3/users reports all users in all domains excepts when domain_specific_drivers_enabled is set to true.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Steve Martinelli <1555629@xxxxxxxxxxxxxxxxxx>
Date: Tue, 02 Aug 2016 02:35:04 -0000
Reply-to: Bug 1555629 <1555629@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Sounds like this is a WONTFIX.

** Changed in: keystone
       Status: New => Won't Fix

** Changed in: keystone
     Assignee: Henry Nash (henry-nash) => (unassigned)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1555629

Title:
  v3/users reports all users in all domains excepts when
  domain_specific_drivers_enabled is set to true.

Status in OpenStack Identity (keystone):
  Won't Fix

Bug description:
  Hi,

  Setting "domain_specific_drivers_enabled=true" in the keystone.conf,
  prevents my calls to "/v3/users" to works when using the admin_token:

      @token="admin_token", @url="http://127.0.0.1:35357/v3

  ->

      /bin/openstack user list --quiet --format csv --long'
      127.0.0.1 - - [10/Mar/2016:08:15:41 -0500] "GET /v3/users HTTP/1.1" 401 114 "-" "python-keystoneclient"

  If I add a domain option to the openstack user list command, I get the
  users of the domain (not 401)

  If I do a project list it works and returns the complete list of all
  projects in all domains:

      Debug: Executing '/bin/openstack project list --quiet --format csv --long'
      127.0.0.1 - - [10/Mar/2016:08:22:00 -0500] "GET /v3/projects HTTP/1.1" 200 471 "-" "python-keystoneclient"
      => [{:id=>"1ff87dbb8e6e45d5b43a49a812fafb88", :name=>"admin", :domain_id=>"default", :description=>"Bootstrap project for initializing the cloud.", :enabled=>"True"},
       {:id=>"60f86c662af248449c1007fbf32ed5af", :name=>"openstackv3", :domain_id=>"463e1bb751374a0586a867a73cb35330", :description=>"admin tenant", :enabled=>"True"},
       {:id=>"746e5e3d02b04d079dfa639ac5d03886", :name=>"services", :domain_id=>"default", :description=>"Tenant for the openstack services", :enabled=>"True"},
       {:id=>"bcf81b0d73b74c85b01e1b15f38be64e", :name=>"openstack", :domain_id=>"default", :description=>"admin tenant", :enabled=>"True"},
       {:id=>"e00959d5ac2545a5a77d137d20e0f9f8", :name=>"servicesv3", :domain_id=>"a43714e50901474eb328daf380ef24ee", :description=>"Tenant for the openstack services", :enabled=>"True"}]

  If I try the exact same command (without the domain option) with
  "domain_specific_drivers_enabled=false" in keystone.conf, I get the
  list of users in all domains.

  This is rather confusing.  The "401", unauthorized error is confusing.
  The discrepancy between user and project behavior is confusing.

  So what is the "correct" behavior ?

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1555629/+subscriptions

References

[Bug 1555629] [NEW] v3/users reports all users in all domains excepts when domain_specific_drivers_enabled is set to true.
From: Sofer Athlan-Guyot, 2016-03-10