yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #61927
[Bug 1667194] Re: [api] The param "X-Subject-Token" is not needed in API "GET /v3/auth/projects"
Reviewed: https://review.openstack.org/437973
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=df139efda5345d5c388bc55f400c04f266e51fc3
Submitter: Jenkins
Branch: master
commit df139efda5345d5c388bc55f400c04f266e51fc3
Author: Kristi Nikolla <knikolla@xxxxxx>
Date: Fri Feb 24 11:23:17 2017 -0500
Remove x-subject-token in api-ref for v3/auth/{projects,domains}
Only x-auth-token is required for these api calls, but the
api-ref mentions x-subject-token as required also.
This fixes that by removing x-subject-token from the call docs.
Change-Id: Ib30a71b81939b11363aced4aecd545049c210380
Closes-Bug: 1667194
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1667194
Title:
[api] The param "X-Subject-Token" is not needed in API "GET
/v3/auth/projects"
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
In the API guide about "GET /v3/auth/projects", request param "X-Subject-Token" is needed and the description is "The authentication token. An authentication response returns the token ID in this header rather than in the response body.".
But, this API call returns the list of projects that are available to be scoped to based on the X-Auth-Token provided in the request, "X-Subject-Token" is needless.Otherwise, the description about request param "X-Auth-Token" says "A valid authentication token for an administrative user.", it is wrong, this API need not admin permission.
For example:
[root@newton ~]# openstack user list
+----------------------------------+----------+
| ID | Name |
+----------------------------------+----------+
| 0f1d08247293493487eef8e75d7a2026 | glance |
| 1f5d5b4c4b474550bb6c1038a127a9dc | alt_demo |
| 2580828c8b2346fc90125ccbdfa35e4f | nova |
| 4bf88609b3594388aee89219d402c676 | cinder |
| 8c1e33157bd242ff9a80e4ddf026897d | neutron |
| d3751d1b99a24adbbb447a6a7a3ec67b | demo |
| e18f6644b2534d51946712c69099a71e | admin |
+----------------------------------+----------+
[root@newton ~]#
[root@newton ~]#
[root@newton ~]# openstack user create test
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | bc4a40549c074df8a320c19cba9f59d4 |
| name | test |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@newton ~]# openstack project create test-project
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | default |
| enabled | True |
| id | 42e84e39c3c34b6cbef39045fad7d46b |
| is_domain | False |
| name | test-project |
| parent_id | default |
+-------------+----------------------------------+
[root@newton ~]# openstack role create test-role
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 1ba4a059c608410a986254efa333c352 |
| name | test-role |
+-----------+----------------------------------+
[root@newton ~]# openstack role add --user bc4a40549c074df8a320c19cba9f59d4 --project 42e84e39c3c34b6cbef39045fad7d46b 1ba4a059c608410a986254efa333c352
[root@newton ~]# openstack role assignment list | grep bc4a40549c074df8a320c19cba9f59d4
| 1ba4a059c608410a986254efa333c352 | bc4a40549c074df8a320c19cba9f59d4 | | 42e84e39c3c34b6cbef39045fad7d46b | | False |
[root@newton ~]# export ADMIN_TOKEN=`openstack token issue -c id -f value`
[root@newton ~]# openstack user set --password 123 bc4a40549c074df8a320c19cba9f59d4
[root@newton ~]# export TEST_TOKEN=`curl -si -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"domain":{"name":"Default"},"name":"test","password":"123"}}},"scope":{"project":{"domain":{"name":"Default"},"name":"test-project"}}}}' -H "Content-type: application/json" http://192.168.51.188:35357/v3/auth/tokens | awk '/X-Subject-Token/ {print $2}'`
[root@newton ~]#
[root@newton ~]# echo $ADMIN_TOKEN
f5b0e5bb89d44ec38c9e5102e7a20fdb
[root@newton ~]# echo $TEST_TOKEN
c30e3c7a5b56455da04c493624b64805
[root@newton ~]# curl -s -H "Content-type: application/json" -H "X-Auth-Token: f5b0e5bb89d44ec38c9e5102e7a20fdb" -H "X-Subject-Token: 00862092ecc54ed890694377ed3e0010" http://192.168.51.188:35357/v3/auth/projects | python -m json.tool
{
"links": {
"next": null,
"previous": null,
"self": "http://192.168.51.188/identity/v3/auth/projects";
},
"projects": [
{
"description": "Bootstrap project for initializing the cloud.",
"domain_id": "default",
"enabled": true,
"id": "197ec32558754c84993d5d999e40f3d5",
"is_domain": false,
"links": {
"self": "http://192.168.51.188/identity/v3/projects/197ec32558754c84993d5d999e40f3d5";
},
"name": "admin",
"parent_id": "default"
},
{
"description": "",
"domain_id": "default",
"enabled": true,
"id": "7adcaac45b3449d68a3d9d9c32701b40",
"is_domain": false,
"links": {
"self": "http://192.168.51.188/identity/v3/projects/7adcaac45b3449d68a3d9d9c32701b40";
},
"name": "alt_demo",
"parent_id": "default"
},
{
"description": "",
"domain_id": "default",
"enabled": true,
"id": "8f70581e91df49bfb12ad5fe033844e8",
"is_domain": false,
"links": {
"self": "http://192.168.51.188/identity/v3/projects/8f70581e91df49bfb12ad5fe033844e8";
},
"name": "demo",
"parent_id": "default"
}
]
}
[root@newton ~]#
[root@newton ~]# curl -s -H "Content-type: application/json" -H "X-Auth-Token: f5b0e5bb89d44ec38c9e5102e7a20fdb" http://192.168.51.188:35357/v3/auth/projects | python -m json.tool
{
"links": {
"next": null,
"previous": null,
"self": "http://192.168.51.188/identity/v3/auth/projects";
},
"projects": [
{
"description": "Bootstrap project for initializing the cloud.",
"domain_id": "default",
"enabled": true,
"id": "197ec32558754c84993d5d999e40f3d5",
"is_domain": false,
"links": {
"self": "http://192.168.51.188/identity/v3/projects/197ec32558754c84993d5d999e40f3d5";
},
"name": "admin",
"parent_id": "default"
},
{
"description": "",
"domain_id": "default",
"enabled": true,
"id": "7adcaac45b3449d68a3d9d9c32701b40",
"is_domain": false,
"links": {
"self": "http://192.168.51.188/identity/v3/projects/7adcaac45b3449d68a3d9d9c32701b40";
},
"name": "alt_demo",
"parent_id": "default"
},
{
"description": "",
"domain_id": "default",
"enabled": true,
"id": "8f70581e91df49bfb12ad5fe033844e8",
"is_domain": false,
"links": {
"self": "http://192.168.51.188/identity/v3/projects/8f70581e91df49bfb12ad5fe033844e8";
},
"name": "demo",
"parent_id": "default"
}
]
}
[root@newton ~]#
[root@newton ~]# curl -s -H "Content-type: application/json" -H "X-Auth-Token: 00862092ecc54ed890694377ed3e0010" http://192.168.51.188:35357/v3/auth/projects | python -m json.tool
{
"links": {
"next": null,
"previous": null,
"self": "http://192.168.51.188/identity/v3/auth/projects";
},
"projects": [
{
"description": "",
"domain_id": "default",
"enabled": true,
"id": "42e84e39c3c34b6cbef39045fad7d46b",
"is_domain": false,
"links": {
"self": "http://192.168.51.188/identity/v3/projects/42e84e39c3c34b6cbef39045fad7d46b";
},
"name": "test-project",
"parent_id": "default"
}
]
}
[root@newton ~]#
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1667194/+subscriptions
References
