It is required POST action to update the existing user email, name, or description.
Via my verification, POST to update existing user caused
{
"error": {
"message": "The resource could not be found.",
"code": 404,
"title": "Not Found"
}
}
The detailed detail for this test is,
[root@lijunj ~]# curl -i http://localhost:35357/v3/users/fee07a4ebc014744b31564835b715aa1 -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: ADMIN" --data '
> {
> "user": {
> "id": "fee07a4ebc014744b31564835b715aa1",
> "description": "v3 keystone user test",
> "email": "none@",
> "enabled": true
> }
> }'
HTTP/1.1 404 Not Found
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 93
Date: Mon, 15 Jul 2013 02:23:44 GMT
{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}
I ensure the id fee07a4ebc014744b31564835b715aa1 user which is exisitng already in environment. Below is the output of listing v3/users/fee07a4ebc014744b31564835b715aa1
[root@lijunj ~]# curl -i http://localhost:35357/v3/users/fee07a4ebc014744b31564835b715aa1 -X GET -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: ADMIN"
HTTP/1.1 200 OK
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 349
Date: Mon, 15 Jul 2013 02:24:51 GMT
The user fee07a4ebc014744b31564835b715aa1 was created for testing.
We may discuss this document correction-ability. And, POST can not be done for updating user, but PUT action can be done.
(2) Document in http://docs.openstack.org/ does not mention, updating user can support to refresh a user tenant id/ project id. And "keystone user-update" command does not allow to have any parameter to refresh tenant-id / project-id of a user. But REST API keeps silent for any clients attempting to change a existing user tenant id or project id. From my test verification, in spite of changing tenant/project id for a existing user, the user still belongs to the original tenant / project. That means, updating tenant / project id for a user is invalid.
The user was not updated to add into e0cdb35aa15d45f998c308eb78407513.
From above, we can not upate user to change a existing user tenant/project. Is it good way we add the tight 'assert'/judgement for any attemption of updating user tenantId property?
We found two problems related to updating user via keystone.
(1) Via, the instruction of updating user on, http:// docs.openstack. org/api/ openstack- identity- service/ 2.0/content/ POST_updateUser _v2.0_users_ _userId_ _.html
It is required POST action to update the existing user email, name, or description.
Via my verification, POST to update existing user caused
{
"error": {
"message": "The resource could not be found.",
"code": 404,
"title": "Not Found"
}
}
The detailed detail for this test is, localhost: 35357/v3/ users/fee07a4eb c014744b3156483 5b715aa1 -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: ADMIN" --data ' 44b31564835b715 aa1",
[root@lijunj ~]# curl -i http://
> {
> "user": {
> "id": "fee07a4ebc0147
> "description": "v3 keystone user test",
> "email": "none@",
> "enabled": true
> }
> }'
HTTP/1.1 404 Not Found
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 93
Date: Mon, 15 Jul 2013 02:23:44 GMT
{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}
I ensure the id fee07a4ebc01474 4b31564835b715a a1 user which is exisitng already in environment. Below is the output of listing v3/users/ fee07a4ebc01474 4b31564835b715a a1 localhost: 35357/v3/ users/fee07a4eb c014744b3156483 5b715aa1 -X GET -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: ADMIN"
[root@lijunj ~]# curl -i http://
HTTP/1.1 200 OK
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 349
Date: Mon, 15 Jul 2013 02:24:51 GMT
{"user": {"aa": "144442", "name": "test", "bb": "23", "debug- wrongattribute" : "12345", "cc": "45", "enabled": true, "links": {"self": "http:// localhost: 5000/v3/ users/fee07a4eb c014744b3156483 5b715aa1"}, "id": "fee07a4ebc0147 44b31564835b715 aa1", "email": "<email address hidden>", "debug_ wrongattribute" : "12345", "domain_id": "default", "tenantId": ""}}
The user fee07a4ebc01474 4b31564835b715a a1 was created for testing.
We may discuss this document correction-ability. And, POST can not be done for updating user, but PUT action can be done.
(2) Document in http:// docs.openstack. org/ does not mention, updating user can support to refresh a user tenant id/ project id. And "keystone user-update" command does not allow to have any parameter to refresh tenant-id / project-id of a user. But REST API keeps silent for any clients attempting to change a existing user tenant id or project id. From my test verification, in spite of changing tenant/project id for a existing user, the user still belongs to the original tenant / project. That means, updating tenant / project id for a user is invalid.
--Create user localhost: 35357/v2. 0/users/ -X POST -H "Content-Type: application/json" -H "X-Auth-Token: ADMIN" --data '
"description" : "v2.0 keystone user test", ce91d3ee824ff7c 959", 7590a1a94f865a6 1ff", "tenantId": "ccaf7621482a41 ce91d3ee824ff7c 959"}}
curl -i http://
{
"user": {
"name": "li-03",
"email": "none@",
"tenantId": "ccaf7621482a41
"password": "passw0rd",
"enabled": true
}
}'
Response:
{"user": {"description": "v2.0 keystone user test", "name": "li-03", "enabled": true, "email": "none@", "id": "00027b03821f4b
-- List the tenant users. localhost: 35357/v2. 0/tenants/ ccaf7621482a41c e91d3ee824ff7c9 59/users -X GET -H "Content-Type: application/json" -H "X-Auth-Token: ADMIN"
curl -i http://
{"users": [{"name": "sceagent", "id": "07d544b772ce4a b18592d165cea9b 8da", "tenantId": e91d3ee824ff7c9 59 already. 7590a1a94f865a6 1ff", "tenantId": "ccaf7621482a41 ce91d3ee824ff7c 959"}]}
....//The content is not important. li-03 is in tenant ccaf7621482a41c
{"name": "li-03", "description": "v2.0 keystone user test", "enabled": true, "email": "none@", "id": "00027b03821f4b
--Update user. Used anther tenant id inside, and rest api does not throw exception. localhost: 35357/v2. 0/users/ 00027b03821f4b7 590a1a94f865a61 ff -X PUT -H "Content-Type: application/json" -H "X-Auth-Token: ADMIN" --data '
"description" : "v2.0 keystone user test 01", f998c308eb78407 513",
curl -i http://
{
"user": {
"name": "li-03",
"email": "none@",
"tenantId": "e0cdb35aa15d45
"password": "passw0rd",
"enabled": true
}
}'
Response: f998c308eb78407 513", "description": "v2.0 keystone user test 01", "email": "none@"}, "enabled": true, "email": "none@", "id": "00027b03821f4b 7590a1a94f865a6 1ff", "tenantId": "e0cdb35aa15d45 f998c308eb78407 513"}}
{"user": {"description": "v2.0 keystone user test 01", "name": "li-03", "extra": {"tenantId": "e0cdb35aa15d45
--List tenant e0cdb35aa15d45f 998c308eb784075 13 user localhost: 35357/v2. 0/tenants/ e0cdb35aa15d45f 998c308eb784075 13/users -X GET -H "Content-Type: application/json" -H "X-Auth-Token: ADMIN"
curl -i http://
Response:
{"users": []}
The user was not updated to add into e0cdb35aa15d45f 998c308eb784075 13.
From above, we can not upate user to change a existing user tenant/project. Is it good way we add the tight 'assert'/judgement for any attemption of updating user tenantId property?