keystoneclient requires --pass to create user while keystone doesn't
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Invalid | Undecided | Unassigned |
python-keystoneclient | Fix Released | Low | Juan Manuel Ollé |
Bug Description
name is required in REST API, but CLI requires an extra argument --pass
# uname -a
Linux havana 3.8.0-29-generic #42~precise1-Ubuntu SMP Wed Aug 14 16:19:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
# keystone-manage --version
2013.2
# keystone --version
0.3.2
# curl -i -X POST http://
HTTP/1.1 200 OK
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 92
Date: Wed, 29 Jan 2014 07:27:09 GMT
{"user": {"enabled": true, "name": "test-create", "id": "f23d8e2835a049
# keystone user-create --name test-create
Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400)
If keystone cli supports creating a user without pass, we can update that user's password by:
# keystone user-password-
to verify this solution:
# keystone user-role-add --user test-create --tenant admin --role admin # can be other tenant and role
# keystone --os-username test-create --os-password xxx --os-tenant-name admin user-get test-create
+------
| Property | Value |
+------
| enabled | True |
| id | f23d8e2835a0491
| name | test-create |
+------
the problem is that
# keystone --debug user-create --name test-create
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
REQ: curl -i -X POST http://
REQ BODY: {"user": {"email": null, "password": null, "enabled": true, "name": "test-create", "tenantId": null}}
RESP: [400] CaseInsensitive
RESP BODY: {"error": {"message": "Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}}
The server side can bear the pass attribute not being set, but cannot accept it being None.
We can fix this by setting --pass to SUPPRESS, or by updating the server-side validation to treat None as not set and leave it blank in the db backend. I would prefer to fix both sides, since some user may claim such a problem when he tries to send a rest.json={..., 'pass': null} to the server.
ref: https:/
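The difference between an absent `password` key and `"password": null`, shown as an added example that is not part of the original report and is not keystone or python-keystoneclient code. `build_parser`, `build_body` and `validate` are hypothetical names, and `validate` only mimics the 400 response quoted above; `argparse.SUPPRESS` is the standard-library default that keeps unset options out of the namespace.

```python
import argparse
import json


def build_parser(suppress_unset):
    # suppress_unset=True mirrors the proposal in the report: options that
    # were not given never enter the namespace, so never enter the body.
    default = argparse.SUPPRESS if suppress_unset else None
    parser = argparse.ArgumentParser(prog="user-create")
    parser.add_argument("--name", required=True)
    parser.add_argument("--pass", dest="password", default=default)
    parser.add_argument("--email", default=default)
    return parser


def build_body(argv, suppress_unset):
    # Copy every parsed option into the request body, as the debug output
    # in the report shows the client doing (unset options become null).
    args = vars(build_parser(suppress_unset).parse_args(argv))
    return {"user": {"enabled": True, **args}}


def validate(body):
    # Hypothetical stand-in for the server check described in the report:
    # a missing password is accepted, a present non-string one is rejected.
    user = body["user"]
    if "password" in user and not isinstance(user["password"], str):
        return 400, "Expecting to find string in password."
    return 200, "OK"


if __name__ == "__main__":
    # Constructed input matching the command line used in the report.
    for suppress in (False, True):
        body = build_body(["--name", "test-create"], suppress)
        print(json.dumps(body), validate(body))
```

An account created through the accepted path has no password set, so it should be treated as unable to authenticate until an administrator assigns one.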
Changed in python-keystoneclient:
assignee: nobody → ZhiQiang Fan (aji-zqfan)
Changed in keystone:
assignee: nobody → ZhiQiang Fan (aji-zqfan)
description: updated
Changed in keystone:
assignee: ZhiQiang Fan (aji-zqfan) → nobody
Changed in python-keystoneclient:
assignee: ZhiQiang Fan (aji-zqfan) → nobody
Changed in python-keystoneclient:
assignee: nobody → Juan Manuel Ollé (juan-m-olle)
Changed in python-keystoneclient:
milestone: none → 0.10.0
Changed in python-keystoneclient:
status: Fix Committed → Fix Released
It seems not to be a bug in keystone, but it is still a bit weird, because if the user explicitly tells the server he doesn't need a password, the server will reject the request because the password field is not a string. This sounds like: "we don't welcome extra labor work, so just be lazy or you get nothing!" : )