yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1696111] Re: Keystone confuses users when creating a trust when there's a roles name conflict

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Kristi Nikolla <knikolla@xxxxxx>
Date: Wed, 14 Jun 2017 19:25:51 -0000
Reply-to: Bug 1696111 <1696111@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Also affects python-keystoneclient as it only support names. [0]
Agree that the correct solution is to allow ids also.

0. https://github.com/openstack/python-
keystoneclient/blob/71af540c81ecb933d912ef5ecde128afcc0deeeb/keystoneclient/v3/contrib/trusts.py#L41

** Also affects: python-keystoneclient
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1696111

Title:
  Keystone confuses users when creating a trust when there's a roles
  name conflict

Status in OpenStack Identity (keystone):
  Triaged
Status in python-keystoneclient:
  New
Status in python-openstackclient:
  New

Bug description:
  Due to code [1] Keystone produces a confusing message when:

  * We're using python-openstackclient
  * We're creating a trust with a role name that exists in more that one domain.

  "role %s is not defined" suggests that there isn't a role like that.
  What actually happens, Keystone cannot decide which role is the user's
  choice.

  python-openstackclient automatically converts role ids to role names
  when sending a POST request, so specifying roles using an id doesn't
  help at all.


  [1]
  https://github.com/openstack/keystone/blob/03319d1/keystone/trust/controllers.py#L90-L94

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1696111/+subscriptions

References

[Bug 1696111] [NEW] Keystone confuses users when creating a trust when there's a roles name conflict
From: Michal Dulko, 2017-06-06