Activity log for bug #1555629

Date Who What changed Old value New value Message
2016-03-10 13:29:05 Sofer Athlan-Guyot bug added bug
2016-03-10 13:33:34 Sofer Athlan-Guyot affects horizon keystone
2016-03-11 05:09:49 Steve Martinelli tags rc-potential
2016-03-11 05:10:18 Steve Martinelli keystone: milestone mitaka-rc1
2016-03-16 15:46:04 Steve Martinelli keystone: milestone mitaka-rc1
2016-03-16 18:29:06 Steve Martinelli tags rc-potential
2016-07-06 16:20:02 Lance Bragstad description Hi, Setting "domain_specific_drivers_enabled=true" in the kesytone.conf, prevents my calls to "/v3/users" to works when using the admin_token: @token="admin_token", @url="http://127.0.0.1:35357/v3 -> /bin/openstack user list --quiet --format csv --long' 127.0.0.1 - - [10/Mar/2016:08:15:41 -0500] "GET /v3/users HTTP/1.1" 401 114 "-" "python-keystoneclient" If I add a domain option to the openstack user list command, I get the users of the domain (not 401) If I do a project list it works and returns the complete list of all projects in all domains: Debug: Executing '/bin/openstack project list --quiet --format csv --long' 127.0.0.1 - - [10/Mar/2016:08:22:00 -0500] "GET /v3/projects HTTP/1.1" 200 471 "-" "python-keystoneclient" => [{:id=>"1ff87dbb8e6e45d5b43a49a812fafb88", :name=>"admin", :domain_id=>"default", :description=>"Bootstrap project for initializing the cloud.", :enabled=>"True"}, {:id=>"60f86c662af248449c1007fbf32ed5af", :name=>"openstackv3", :domain_id=>"463e1bb751374a0586a867a73cb35330", :description=>"admin tenant", :enabled=>"True"}, {:id=>"746e5e3d02b04d079dfa639ac5d03886", :name=>"services", :domain_id=>"default", :description=>"Tenant for the openstack services", :enabled=>"True"}, {:id=>"bcf81b0d73b74c85b01e1b15f38be64e", :name=>"openstack", :domain_id=>"default", :description=>"admin tenant", :enabled=>"True"}, {:id=>"e00959d5ac2545a5a77d137d20e0f9f8", :name=>"servicesv3", :domain_id=>"a43714e50901474eb328daf380ef24ee", :description=>"Tenant for the openstack services", :enabled=>"True"}] If I try the exact same command (without the domain option) with "domain_specific_drivers_enabled=false" in keystone.conf, I get the list of users in all domains. This is rather confusing. The "401", unauthorized error is confusing. The discrepancy between user and project behavior is confusing. So what is the "correct" behavior ? Hi, Setting "domain_specific_drivers_enabled=true" in the keystone.conf, prevents my calls to "/v3/users" to works when using the admin_token:     @token="admin_token", @url="http://127.0.0.1:35357/v3 ->     /bin/openstack user list --quiet --format csv --long'     127.0.0.1 - - [10/Mar/2016:08:15:41 -0500] "GET /v3/users HTTP/1.1" 401 114 "-" "python-keystoneclient" If I add a domain option to the openstack user list command, I get the users of the domain (not 401) If I do a project list it works and returns the complete list of all projects in all domains:     Debug: Executing '/bin/openstack project list --quiet --format csv --long'     127.0.0.1 - - [10/Mar/2016:08:22:00 -0500] "GET /v3/projects HTTP/1.1" 200 471 "-" "python-keystoneclient"     => [{:id=>"1ff87dbb8e6e45d5b43a49a812fafb88", :name=>"admin", :domain_id=>"default", :description=>"Bootstrap project for initializing the cloud.", :enabled=>"True"},      {:id=>"60f86c662af248449c1007fbf32ed5af", :name=>"openstackv3", :domain_id=>"463e1bb751374a0586a867a73cb35330", :description=>"admin tenant", :enabled=>"True"},      {:id=>"746e5e3d02b04d079dfa639ac5d03886", :name=>"services", :domain_id=>"default", :description=>"Tenant for the openstack services", :enabled=>"True"},      {:id=>"bcf81b0d73b74c85b01e1b15f38be64e", :name=>"openstack", :domain_id=>"default", :description=>"admin tenant", :enabled=>"True"},      {:id=>"e00959d5ac2545a5a77d137d20e0f9f8", :name=>"servicesv3", :domain_id=>"a43714e50901474eb328daf380ef24ee", :description=>"Tenant for the openstack services", :enabled=>"True"}] If I try the exact same command (without the domain option) with "domain_specific_drivers_enabled=false" in keystone.conf, I get the list of users in all domains. This is rather confusing. The "401", unauthorized error is confusing. The discrepancy between user and project behavior is confusing. So what is the "correct" behavior ?
2016-07-06 17:07:02 David Stanek keystone: assignee Henry Nash (henry-nash)
2016-08-02 02:35:12 Steve Martinelli keystone: status New Won't Fix
2016-08-02 02:35:14 Steve Martinelli keystone: assignee Henry Nash (henry-nash)