← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1696111] Re: Keystone confuses users when creating a trust when there's a roles name conflict

 

Also affects python-keystoneclient as it only support names. [0]
Agree that the correct solution is to allow ids also.

0. https://github.com/openstack/python-
keystoneclient/blob/71af540c81ecb933d912ef5ecde128afcc0deeeb/keystoneclient/v3/contrib/trusts.py#L41

** Also affects: python-keystoneclient
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1696111

Title:
  Keystone confuses users when creating a trust when there's a roles
  name conflict

Status in OpenStack Identity (keystone):
  Triaged
Status in python-keystoneclient:
  New
Status in python-openstackclient:
  New

Bug description:
  Due to code [1] Keystone produces a confusing message when:

  * We're using python-openstackclient
  * We're creating a trust with a role name that exists in more that one domain.

  "role %s is not defined" suggests that there isn't a role like that.
  What actually happens, Keystone cannot decide which role is the user's
  choice.

  python-openstackclient automatically converts role ids to role names
  when sending a POST request, so specifying roles using an id doesn't
  help at all.


  [1]
  https://github.com/openstack/keystone/blob/03319d1/keystone/trust/controllers.py#L90-L94

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1696111/+subscriptions


References