Keystone – error message is not correct/clear in case when no “rule” is associated to user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Keystone – error message is not correct/clear in case when no “rule” is associated to user
Scenario:
1) Source as admin user
. overcloudrc
2) Create a new project
openstack project create --description 'my new project' new-project --domain default
3) Create user for previously created project
openstack user create --project new-project --password PASSWORD new-user
4) Copy overcloudrc content to userrc file and change
cp overcloudrc userrc
5) Change relevant for new-user values:
export OS_USERNAME=
export OS_PASSWORD=
export OS_PROJECT_NAME= new-project
6) Save modified file and source now with this gile
source userrc
7) Execute some openstack command for example:
openstack network list
Actual Result:
On CLI output the error which is shown to user is:
The request you have made requires authentication. (HTTP 401) (Request-ID: req-373d8b48-
In keystone log:
/var/log/
2018-11-18 15:09:15.902 35 WARNING keystone.
Expected Result:
The real reason no rule is asociated to ‘new-user’ (or something like that) should be logged and prompted to user.
Actual message we have is not relevant and not clear.
Keystone logs attached.
This looks like a Keystone issue and not neutron, even though the example command was against the neutron API.