OpenStack Identity (keystone)

A V2 token from trust cannot be generated with user/pass

Bug #1331884 reported by Jamie Lennox on 2014-06-19

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Won't Fix	Wishlist	wanghong

Bug Description

Trust handling in the v2 authentication path only exists for token authentication. That means you must fetch a token with your user/pass and then exchange that for one that is trusted.

Example workflow:

c2_1 = v2client.Client(auth_url='http://localhost:5000/v2.0',
                       username='bob',
                       password='bob1',
                       trust_id='0b16de31a8c64fd5b0054054db468a00')

c2_2 = v2client.Client(auth_url='http://localhost:5000/v2.0',
                       token=c2_1.auth_ref.auth_token,
                       tenant_name='demo',
                       trust_id='0b16de31a8c64fd5b0054054db468a00')

As compared to v3:

c3 = v3client.Client(auth_url='http://localhost:5000/v3',
                     username='bob',
                     password='bob1',
                     trust_id='0b16de31a8c64fd5b0054054db468a00')

Dolph Mathews (dolph) on 2014-06-23

Changed in keystone:
importance:	Undecided → Wishlist
status:	New → Triaged

wanghong (w-wanghong) on 2014-06-28

Changed in keystone:
assignee:	nobody → wanghong (w-wanghong)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-06: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/112230

Changed in keystone:
status:	Triaged → In Progress

Lance Bragstad (lbragstad) on 2014-09-04

tags:	added: meeting-topic
Changed in keystone:
milestone:	none → juno-rc1

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2014-09-09:

This bug was discussed in the #openstack-keystone meeting and we've decided to hold this fix until development opens for Kilo. See comment in proposed review.

tags:	removed: meeting-topic
Changed in keystone:
milestone:	juno-rc1 → none

Revision history for this message

Morgan Fainberg (mdrnstm) wrote on 2014-10-02:

This is more new functionality than a bug fix. V2 largely is viewed as frozen, we should not be adding (or removing) functionality to it. Since this is not an issue with V3, if the workflow requires username/password direct to the trust token, it is recommended that V3 be used instead.

Changed in keystone:
status:	In Progress → Won't Fix

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-10-02: Change abandoned on keystone (master)

Change abandoned by Morgan Fainberg (<email address hidden>) on branch: master
Review: https://review.openstack.org/112230

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.