OpenStack Identity (keystone)

Document should report that Users must have at least one role

Bug #963176 reported by David Kranz on 2012-03-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Expired	Medium	Unassigned

Bug Description

I'm not sure if this is a code/design bug or a doc bug. If a user has no role then 'nova list' fails with

ERROR: Invalid OpenStack Nova credentials.

The keystone log says:

(root): 2012-03-23 10:19:36,903 DEBUG ******************** REQUEST BODY ********************
(root): 2012-03-23 10:19:36,903 DEBUG {"auth": {"tenantName": "users", "passwordCredentials": {"username": "tester", "password": "testing"}}}
(root): 2012-03-23 10:19:36,903 DEBUG
(root): 2012-03-23 10:19:36,904 DEBUG arg_dict: {}
(root): 2012-03-23 10:19:36,948 WARNING Invalid tenant

This message is enough out-of-whack with the actual issue that I wasn't sure if this was a bug or not. If this is expected
then the docs should say that at least one role is required.

Tags:

Revision history for this message

Dolph Mathews (dolph) wrote on 2012-03-23:

I think the error message is misleading - the credentials may be accurate (proper authentication), but it looks like it's authorization on the tenant which has failed (hence the "WARNING Invalid tenant").

Revision history for this message

Joseph Heck (heckj) wrote on 2012-03-23:

David -

It's intentional - all users are expected to be associated with at least one tenant, potentially more.

Changed in keystone:
status:	New → Confirmed
summary:	- Users must have at least one role + Document should report that Users must have at least one role
Changed in keystone:
importance:	Undecided → Medium
tags:	added: docs

Revision history for this message

Joseph Heck (heckj) wrote on 2012-03-23:

David - want to take a stab at updating the docs? I'd recommend looking at doc/source/configuration.rst

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-03-27: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/5874

Changed in keystone:
assignee:	nobody → David Kranz (david-kranz)
status:	Confirmed → In Progress

Revision history for this message

David Kranz (david-kranz) wrote on 2012-03-27:

Joe, I guess I am not up to fixing this. I am a keystone newbie.

Changed in keystone:
assignee:	David Kranz (david-kranz) → nobody

Revision history for this message

Dolph Mathews (dolph) wrote on 2012-03-27:

I think this was documented pretty well pre-redux (on a page called Concepts, as I recall), however I don't see any remnants of that documentation?

Regarding the error message, I think this is a bug against novaclient, as it appears that nova is perhaps suppressing/ignoring a more useful error message from keystone? (given the "Invalid tenant" warning in the OP's log)

Joseph Heck (heckj) on 2012-05-19

Changed in keystone:
status:	In Progress → Triaged

Thierry Carrez (ttx) on 2012-06-07

no longer affects:

nova

Robb Romans (rromans) on 2014-11-20

Changed in keystone:
status:	Triaged → Incomplete

Samuel de Medeiros Queiroz (samueldmq) on 2014-11-26

Changed in keystone:
status:	Incomplete → Opinion
status:	Opinion → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-01-25:

[Expired for Keystone because there has been no activity for 60 days.]

Changed in keystone:
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.