← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #87617

[Bug 1950325] [NEW] domain list via projects api with domain-scoped token is always empty

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Listing domains via projects api (/v3/projects) using is_domain
parameter with domain-scoped token always returns an empty list.

Steps to reproduce:

1. Get a domain-scoped token
2. Make a call to /v3/projects?is_domain=true with the token

Expected:
Domains are listed (given the policies allow it). Or i get an error message that it is impossible to list is_domain projects with a domain-scoped token.

Observed:
Domain list is empty.

Probable reason:
https://opendev.org/openstack/keystone/src/commit/1e7ecca881a51144d61ae8026e1a77d6669997e2/keystone/api/projects.py#L135-L139 - with domain-scoped token projects are filtered by domain_id. Domains have no domain_id and are filtered out.

How it was discovered:
Terraform OpenStack Provider does not use /v3/domains endpoint to fetch information about domains. Instead, /v3/projects is supposed to be used. https://github.com/terraform-provider-openstack/terraform-provider-openstack/tree/32f312ff538b846c32b93247f94c58163a6145f1/openstack

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1950325

Title:
  domain list via projects api with domain-scoped token is always empty

Status in OpenStack Identity (keystone):
  New

Bug description:
  Listing domains via projects api (/v3/projects) using is_domain
  parameter with domain-scoped token always returns an empty list.

  Steps to reproduce:

  1. Get a domain-scoped token
  2. Make a call to /v3/projects?is_domain=true with the token

  Expected:
  Domains are listed (given the policies allow it). Or i get an error message that it is impossible to list is_domain projects with a domain-scoped token.

  Observed:
  Domain list is empty.

  Probable reason:
  https://opendev.org/openstack/keystone/src/commit/1e7ecca881a51144d61ae8026e1a77d6669997e2/keystone/api/projects.py#L135-L139 - with domain-scoped token projects are filtered by domain_id. Domains have no domain_id and are filtered out.

  How it was discovered:
  Terraform OpenStack Provider does not use /v3/domains endpoint to fetch information about domains. Instead, /v3/projects is supposed to be used. https://github.com/terraform-provider-openstack/terraform-provider-openstack/tree/32f312ff538b846c32b93247f94c58163a6145f1/openstack

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1950325/+subscriptions
  Thread PreviousDate PreviousThread Next