setting user's default_project_id to a domain ID yield HTTP 400 instead of unscoped token
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Guang Yee |
Bug Description
Per spec, if user's default_project_id is invalid (i.e. either it is bogus, disabled, or user have no roles assigned on it), it should be ignored at token request. In otherwise, it should result in an unscoped token.
With the domain-is-project changes recently, if you accidentally set the user's default_project_id to a domain_id, you will get an HTTP 400 on token request.
Steps to reproduce:
1. set the user default_project_id to an existing domain_id
2. on token request, HTTP 400 is returned
$ curl -k -d '{"auth"
% Total % Received % Xferd Average Speed Time Time Time Current
100 258 100 101 100 157 229 357 --:--:-- --:--:-- --:--:-- 357
{
"error": {
"code": 400,
"message": "obj
ect of type 'NoneType' has no len()",
"title": "Bad Request"
}
}
Changed in keystone: | |
assignee: | nobody → Ryosuke Mizuno (r-mizuno) |
Changed in keystone: | |
importance: | Undecided → Medium |
milestone: | none → newton-1 |
Fix proposed to branch: master /review. openstack. org/317792
Review: https:/