yahoo-eng-team team mailing list archive

[OpenStack Infra <1797939@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/611685
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=33295032d95d0e85d68ea28a348d12b4e980a723
Submitter: Zuul
Branch:    master

commit 33295032d95d0e85d68ea28a348d12b4e980a723
Author: Magnus Lööf <magnus.loof@xxxxxxxxx>
Date:   Thu Oct 18 19:51:57 2018 +0200

    Fix example for getting system scoped token
    
    Previously, the example for getting a system scoped token read
    `--os-system` which does not work.
    
    Change-Id: Ic7d6e089f0c28e026192e83b56b487180bca09e3
    Closes-Bug: 1797939
    Signed-off-by: Magnus Lööf <magnus.loof@xxxxxxxxx>


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1797939

Title:
  Example in section "Create system-scoped token" is wrong

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:

  This bug tracker is for errors with the documentation, use the
  following as a template and remove or add fields as you see fit.
  Convert [ ] into [x] to check boxes:

  - [x] This doc is inaccurate in this way: The example for Create
  system-scoped token says to use `--os-system` argument to the
  `openstack` cli tool. This does not work in:

  ```
  $ openstack --version
  openstack 3.16.1
  ```

  ```
  $ openstack --help | grep system
                   [--os-system-scope <auth-system-scope>]
    --os-system-scope <auth-system-scope>
                          With password: Scope for system operations With
                          v3oidcauthcode: Scope for system operations With
                          v3oidcpassword: Scope for system operations With
                          v3password: Scope for system operations With
                          v3oidcaccesstoken: Scope for system operations With
                          token: Scope for system operations With
                          v3oidcclientcredentials: Scope for system operations
                          With v3token: Scope for system operations With v3totp:
                          Scope for system operations With
                          v3applicationcredential: Scope for system operations
  ...
  ```

  Also, I cannot figure out how to actually do what the example suggest:
  issue a token scoped to the system, which is what I want to remove
  this deprecation warning in the logs:

  ```
  /usr/lib/python2.7/site-packages/oslo_policy/policy.py:896: UserWarning: Policy identity:list_domains failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
    warnings.warn(msg)
  ```

  - [ ] This is a doc addition request.
  - [ ] I have a fix to the document that I can paste below including example: input and output. 

  If you have a troubleshooting or support issue, use the following
  resources:

   - Ask OpenStack: http://ask.openstack.org
   - The mailing list: http://lists.openstack.org
   - IRC: 'openstack' channel on Freenode

  -----------------------------------
  Release:  on 2018-10-09 13:15
  SHA: 86cc778774bc6a561911be05075b4e3cdf6ef2b0
  Source: https://git.openstack.org/cgit/openstack/keystone/tree/doc/source/admin/identity-tokens.rst
  URL: https://docs.openstack.org/keystone/rocky/admin/identity-tokens.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1797939/+subscriptions