Comment 8 for bug 1415588

Mahesh Sawaiker (mahesh-sawaiker) wrote :

I get this error; OpenStack clients also seem to fail to list users and groups.

The issue seems to be in this method; line 715 is where the exception is thrown.

683     def _get_domain_id_for_list_request(self, context):
684         """Get the domain_id for a v3 list call.
685
686         If we running with multiple domain drivers, then the caller must
687         specify a domain_id either as a filter or as part of the token scope.
688
689         """
690         if not CONF.identity.domain_specific_drivers_enabled:
691             # We don't need to specify a domain ID in this case
692             return
693
694         if context['query_string'].get('domain_id') is not None:
695             return context['query_string'].get('domain_id')
696
697         try:
698             token_ref = token_model.KeystoneToken(
699                 token_id=context['token_id'],
700                 token_data=self.token_provider_api.validate_token(
701                     context['token_id']))
702         except KeyError:
703             raise exception.ValidationError(
704                 _('domain_id is required as part of entity'))
705         except (exception.TokenNotFound,
706                 exception.UnsupportedTokenVersionException):
707             LOG.warning(_LW('Invalid token found while getting domain ID '
708                             'for list request'))
709             raise exception.Unauthorized()
710
711         if token_ref.domain_scoped:
712             return token_ref.domain_id
713         else:
714             LOG.warning(
715                 _LW('No domain information specified as part of list request'))
716             raise exception.Unauthorized()

Keystone logs are as follows.
2015-10-06 07:32:24.141 11175 DEBUG keystone.policy.backends.rules [-] enforce identity:list_users: {'is_delegated_auth': False, 'access_token_id': None, 'user_id': u'a3cde1ee62b7882310e28a16efc19fae1fb81383628117c100f0fb80e7442177', 'roles': [u'admin', u'_member_'], 'trustee_id': None, 'trustor_id': None, 'consumer_id': None, 'token': <KeystoneToken (audit_id=wAXcFhRURgmBoLZPhNZBaQ, audit_chain_id=wAXcFhRURgmBoLZPhNZBaQ) at 0x7fa5a9d894f0>, 'project_id': u'4bf2a3a0b84745259bb4c8d4829cf742', 'trust_id': None} enforce /opt/bbc/openstack-11.0-bbc73/keystone/local/lib/python2.7/site-packages/keystone/policy/backends/rules.py:76
2015-10-06 07:32:24.142 11175 DEBUG keystone.common.controller [-] RBAC: Authorization granted wrapper /opt/bbc/openstack-11.0-bbc73/keystone/local/lib/python2.7/site-packages/keystone/common/controller.py:203
2015-10-06 07:32:24.151 11175 WARNING keystone.common.controller [-] No domain information specified as part of list request
2015-10-06 07:32:24.152 11175 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. (Disable debug mode to suppress these details.) (Disable debug mode to suppress these details.) from 192.168.0.96

Configuration:
1) Enable domain-specific drivers in Keystone.
2) Keep the default domain in LDAP; keep all other domains in the SQL DB.
3) Try listing users or groups using the v3 API.
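
An added example, not part of the original comment or Keystone's own code: a Python log-triage script that separates 401s raised on the missing-domain path (policy check passed, then `_get_domain_id_for_list_request` rejected the request) from 401s raised for an invalid token. The sample lines are constructed from the excerpt above, the source addresses are placeholders, and grouping by worker PID is an assumption made because the request-id field in these lines is `[-]`.

```python
import re

# Constructed sample, shaped like the Keystone excerpt above (addresses are placeholders).
SAMPLE_LOG = """\
2015-10-06 07:32:24.141 11175 DEBUG keystone.policy.backends.rules [-] enforce identity:list_users: {...}
2015-10-06 07:32:24.142 11175 DEBUG keystone.common.controller [-] RBAC: Authorization granted wrapper
2015-10-06 07:32:24.151 11175 WARNING keystone.common.controller [-] No domain information specified as part of list request
2015-10-06 07:32:24.152 11175 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 192.0.2.10
2015-10-06 07:33:02.010 11180 WARNING keystone.common.controller [-] Invalid token found while getting domain ID for list request
2015-10-06 07:33:02.011 11180 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 192.0.2.44
"""

# timestamp, worker PID, (level, logger, request id skipped), message
LINE = re.compile(r"^(\S+ \S+) (\d+) \w+ \S+ \[[^\]]*\] (.*)$")
NO_DOMAIN = "No domain information specified as part of list request"
BAD_TOKEN = "Invalid token found while getting domain ID"


def classify_401s(log_text):
    """Return one finding per 'Authorization failed' line, with its likely cause."""
    state = {}      # per-PID context; assumption: one request at a time per worker
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, pid, msg = m.groups()
        ctx = state.setdefault(pid, {})
        if msg.startswith("enforce "):
            ctx["action"] = msg.split()[1].rstrip(":")
        elif msg.startswith("RBAC: Authorization granted"):
            ctx["rbac_granted"] = True
        elif msg.startswith(NO_DOMAIN):
            ctx["cause"] = "missing-domain-scope"
        elif msg.startswith(BAD_TOKEN):
            ctx["cause"] = "invalid-token"
        elif msg.startswith("Authorization failed"):
            src = re.search(r"from (\S+)$", msg)
            findings.append({
                "time": ts, "pid": pid,
                "source": src.group(1) if src else None,
                "action": ctx.get("action"),
                "rbac_granted": ctx.get("rbac_granted", False),
                "cause": ctx.get("cause", "other"),
            })
            state[pid] = {}   # reset context for the next request
    return findings
```

A finding with `rbac_granted` true and cause `missing-domain-scope` is the case this comment reports: the caller was authorized by policy, but the request carried neither a `domain_id` filter nor a domain-scoped token.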