The keystone.common.controller._get_domain_id_for_list_request comment says the below:
"""Get the domain_id for a v3 list call.
If we running with multiple domain drivers, then the caller must
specify a domain_id either as a filter or as part of the token scope.
"""
But keystone instead of pulling the domain information from the token scope (the "or" in that statement), keystone fails with an HTTP 401 if you don't explicitly indicate the domain with the domain_id query parameter, as shown with the following commands:
The keystone. common. controller. _get_domain_ id_for_ list_request comment says the below:
"""Get the domain_id for a v3 list call.
If we running with multiple domain drivers, then the caller must
specify a domain_id either as a filter or as part of the token scope.
"""
But keystone instead of pulling the domain information from the token scope (the "or" in that statement), keystone fails with an HTTP 401 if you don't explicitly indicate the domain with the domain_id query parameter, as shown with the following commands:
[root@mysystem ~]# curl -k -i -X GET https:/ /127.0. 0.1:5000/ v3/groups -H "Accept: application/json" -H "X-Auth-Token: 7f9254f016784ef db3b1e6fa8bc5e4 f7" /ip9-114- 226-167. pok.stglabs. ibm.com: 5000"
HTTP/1.1 401 Unauthorized
content-length: 114
vary: X-Auth-Token
server: Apache/2.4.6 (Red Hat) OpenSSL/1.0.1e-fips mod_wsgi/3.4 Python/2.7.5
date: Wed, 11 Mar 2015 20:50:31 GMT
content-type: application/json
www-authenticate: Keystone uri="https:/
{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
[root@mysystem ~]# curl -k -X GET https:/ /127.0. 0.1:5000/ v3/auth/ tokens -H "Accept: application/json" -H "X-Auth-Token: 7f9254f016784ef db3b1e6fa8bc5e4 f7" -H "X-Subject-Token: 7f9254f016784ef db3b1e6fa8bc5e4 f7" | python -mjson.tool
"domain" : {
"id": "default",
"name" : "Default" 32d698d20789d52 169126fb41fb1a4 ddafcebb97d854e 836c9",
{
"token": {
...
"user": {
},
"id": "0688b01e6439ca
"name": "root"
}
}
}
[root@mysystem ~]# curl -k -i -X GET https:/ /127.0. 0.1:5000/ v3/groups? domain_ id=default -H "Accept: application/json" -H "X-Auth-Token: 7f9254f016784ef db3b1e6fa8bc5e4 f7"
HTTP/1.1 200 OK
...