Comment 0 for bug 1555629

Hi,

Setting "domain_specific_drivers_enabled=true" in the kesytone.conf,
prevents my calls to "/v3/users" to works when using the admin_token:

    @token="admin_token", @url="http://127.0.0.1:35357/v3

->

    /bin/openstack user list --quiet --format csv --long'
    127.0.0.1 - - [10/Mar/2016:08:15:41 -0500] "GET /v3/users HTTP/1.1" 401 114 "-" "python-keystoneclient"

If I add a domain option to the openstack user list command, I get the
users of the domain (not 401)

If I do a project list it works and returns the complete list of all
projects in all domains:

    Debug: Executing '/bin/openstack project list --quiet --format csv --long'
    127.0.0.1 - - [10/Mar/2016:08:22:00 -0500] "GET /v3/projects HTTP/1.1" 200 471 "-" "python-keystoneclient"
    => [{:id=>"1ff87dbb8e6e45d5b43a49a812fafb88", :name=>"admin", :domain_id=>"default", :description=>"Bootstrap project for initializing the cloud.", :enabled=>"True"},
     {:id=>"60f86c662af248449c1007fbf32ed5af", :name=>"openstackv3", :domain_id=>"463e1bb751374a0586a867a73cb35330", :description=>"admin tenant", :enabled=>"True"},
     {:id=>"746e5e3d02b04d079dfa639ac5d03886", :name=>"services", :domain_id=>"default", :description=>"Tenant for the openstack services", :enabled=>"True"},
     {:id=>"bcf81b0d73b74c85b01e1b15f38be64e", :name=>"openstack", :domain_id=>"default", :description=>"admin tenant", :enabled=>"True"},
     {:id=>"e00959d5ac2545a5a77d137d20e0f9f8", :name=>"servicesv3", :domain_id=>"a43714e50901474eb328daf380ef24ee", :description=>"Tenant for the openstack services", :enabled=>"True"}]

If I try the exact same command (without the domain option) with
"domain_specific_drivers_enabled=false" in keystone.conf, I get the
list of users in all domains.

This is rather confusing. The "401", unauthorized error is confusing.
The discrepancy between user and project behavior is confusing.

So what is the "correct" behavior ?