yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #75323
[Bug 1797939] Re: Example in section "Create system-scoped token" is wrong
Reviewed: https://review.openstack.org/611685
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=33295032d95d0e85d68ea28a348d12b4e980a723
Submitter: Zuul
Branch: master
commit 33295032d95d0e85d68ea28a348d12b4e980a723
Author: Magnus Lööf <magnus.loof@xxxxxxxxx>
Date: Thu Oct 18 19:51:57 2018 +0200
Fix example for getting system scoped token
Previously, the example for getting a system scoped token read
`--os-system` which does not work.
Change-Id: Ic7d6e089f0c28e026192e83b56b487180bca09e3
Closes-Bug: 1797939
Signed-off-by: Magnus Lööf <magnus.loof@xxxxxxxxx>
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1797939
Title:
Example in section "Create system-scoped token" is wrong
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
This bug tracker is for errors with the documentation, use the
following as a template and remove or add fields as you see fit.
Convert [ ] into [x] to check boxes:
- [x] This doc is inaccurate in this way: The example for Create
system-scoped token says to use `--os-system` argument to the
`openstack` cli tool. This does not work in:
```
$ openstack --version
openstack 3.16.1
```
```
$ openstack --help | grep system
[--os-system-scope <auth-system-scope>]
--os-system-scope <auth-system-scope>
With password: Scope for system operations With
v3oidcauthcode: Scope for system operations With
v3oidcpassword: Scope for system operations With
v3password: Scope for system operations With
v3oidcaccesstoken: Scope for system operations With
token: Scope for system operations With
v3oidcclientcredentials: Scope for system operations
With v3token: Scope for system operations With v3totp:
Scope for system operations With
v3applicationcredential: Scope for system operations
...
```
Also, I cannot figure out how to actually do what the example suggest:
issue a token scoped to the system, which is what I want to remove
this deprecation warning in the logs:
```
/usr/lib/python2.7/site-packages/oslo_policy/policy.py:896: UserWarning: Policy identity:list_domains failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
warnings.warn(msg)
```
- [ ] This is a doc addition request.
- [ ] I have a fix to the document that I can paste below including example: input and output.
If you have a troubleshooting or support issue, use the following
resources:
- Ask OpenStack: http://ask.openstack.org
- The mailing list: http://lists.openstack.org
- IRC: 'openstack' channel on Freenode
-----------------------------------
Release: on 2018-10-09 13:15
SHA: 86cc778774bc6a561911be05075b4e3cdf6ef2b0
Source: https://git.openstack.org/cgit/openstack/keystone/tree/doc/source/admin/identity-tokens.rst
URL: https://docs.openstack.org/keystone/rocky/admin/identity-tokens.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1797939/+subscriptions
References