OpenStack Identity (keystone)

  1. Bug #1198171
  2. Comment #7

Comment 7 for bug 1198171

Revision history for this message
Bo Tang (botang) wrote :

python-keystoneclient should also be changed in our solution of this bug.

problem: the auth/tokens request mistakenly use domain_id instead of domain_name.
solution: In keystoneclient.v3.client._do_auth() fix json construction process.
Changes:
1. python-openstackclient/openstackclient/shell.py: add default_domain parameter in method def authenticate_user(self), passing os_default_domain to client manager init.
2. python-openstackclient/openstackclient/common/clientmanager.py: pass default_domain to self._domain in __init__()
3. python-openstackclient/openstackclient/identity.py: add domain attributes when instantiating identity_client.
+ domain_name=instance._domain,
+ user_domain_name=instance._domain,
+ project_domain_name=instance._domain,
4. python-keystoneclient/keystoneclient/v3/client.py:
#if (domain_id or domain_name) and (project_id or project_name):
# raise ValueError('Authentication cannot be scoped to both domain'
# ' and project.')

The 4th change is critical but not sure if it affects others.