Can not change domain of role

Bug #1848400 reported by Eric Xie
This bug affects 1 person
Affects: OpenStack Identity (keystone)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

openstack --debug role set --domain default 707f0cc1809944c89c063420ccc0436f

BadRequest: {} does not have enough properties

Failed validating 'minProperties' in schema:
    {'additionalProperties': True,
     'minProperties': 1,
     'properties': {'name': {'maxLength': 255,
                             'minLength': 1,
                             'pattern': '[\\S]+',
                             'type': 'string'}},
     'type': 'object'}

On instance:
    {} (HTTP 400) (Request-ID: req-88887cd7-e6d5-4cc0-abfc-6d2c18aed525)

END return value: 1

journalctl -f -u <email address hidden>
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: DEBUG keystone.common.authorization [None req-88887cd7-e6d5-4cc0-abfc-6d2c18aed525 None admin] RBAC: Authorization granted {{(pid=1718198) check_policy /opt/stack/keystone/keystone/common/authorization.py:165}}
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: WARNING keystone.common.wsgi [None req-88887cd7-e6d5-4cc0-abfc-6d2c18aed525 None admin] {} does not have enough properties
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: Failed validating 'minProperties' in schema:
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: {'additionalProperties': True,
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: 'minProperties': 1,
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: 'properties': {'name': {'maxLength': 255,
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: 'minLength': 1,
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: 'pattern': '[\\S]+',
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: 'type': 'string'}},
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: 'type': 'object'}
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: On instance:
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: {}: SchemaValidationError: {} does not have enough properties
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: [pid: 1718198|app: 0|req: 21145/169188] 10.110.56.114 () {64 vars in 1335 bytes} [Tue Oct 15 08:39:50 2019] PATCH /identity/v3/roles/707f0cc1809944c89c063420ccc0436f => generated 452 bytes in 18 msecs (HTTP/1.1 400) 5 headers in 186 bytes (1 switches on core 0)

Version:
# git log
commit 79ed42ee67915383242541329dd5aa186f087ff2
Author: Raildo Mascena <email address hidden>
Date: Wed Jul 24 10:20:17 2019 -0300

    Fix python3 compatibility on LDAP search DN from id

    In Python 3, python-ldap no longer allows bytes for some fields (DNs,
    RDNs, attribute names, queries). Instead, text values are represented
    as str, the Unicode text type.

    [1] More details about byte/str usage in python-ldap can be found at:
    http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode

    Change-Id: I63e3715032cd8edb11fbff7651f5ba1af506dc9d
    Related-Bug: #1798184
    (cherry picked from commit 03531a56910b12922afde32b40e270b7d68a334b)

Colleen Murphy (krinkle) wrote :

This is not a bug. A role's domain is not just a property but its namespace; a domain owns a role, same as it owns a user or a project. If it was allowed to change, anything that referred to it by its name and domain would suddenly find it missing. Instead of changing a role's domain, just create a new role in the domain.

Changed in keystone:
status: New → Invalid
Eric Xie (eric-xie) wrote :

@Colleen, should the return be explicit?

Colleen Murphy (krinkle) wrote :

I'm afraid I don't understand, the return of what?

Eric Xie (eric-xie) wrote :

@Colleen, sorry, my mistake.
I mean the output of this command should be human-readable.

Colleen Murphy (krinkle) wrote :

Do you mean the output of a command like "openstack --debug role set --domain default 707f0cc1809944"? Yes, it is human readable, it explains that it did not have enough information to fulfill the request.
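
The schema check behind the 400 response in this report, as an added example that is not part of the bug thread and is not Keystone's code: a minimal stand-in for a JSON Schema validator, covering only the keywords in the schema quoted in the bug description, run over constructed role objects. The names `validate` and `SAMPLES` are hypothetical; the schema itself is copied from the error output above.

```python
import re

# Schema copied from the error output in the bug description.
ROLE_UPDATE_SCHEMA = {
    'additionalProperties': True,
    'minProperties': 1,
    'properties': {'name': {'maxLength': 255,
                            'minLength': 1,
                            'pattern': '[\\S]+',
                            'type': 'string'}},
    'type': 'object',
}


def validate(body, schema=ROLE_UPDATE_SCHEMA):
    """Return a list of violations; handles only the keywords this schema uses."""
    if not isinstance(body, dict):
        return ['%r is not of type object' % (body,)]
    errors = []
    if len(body) < schema.get('minProperties', 0):
        errors.append('%r does not have enough properties' % (body,))
    # additionalProperties is True here, so unknown keys need no check.
    for key, rules in schema.get('properties', {}).items():
        if key not in body:
            continue
        value = body[key]
        if not isinstance(value, str):
            errors.append('%s: %r is not of type string' % (key, value))
            continue
        if len(value) < rules.get('minLength', 0):
            errors.append('%s: %r is too short' % (key, value))
        if len(value) > rules.get('maxLength', float('inf')):
            errors.append('%s: value is too long' % key)
        # JSON Schema "pattern" is an unanchored search, not a full match.
        if 'pattern' in rules and not re.search(rules['pattern'], value):
            errors.append('%s: %r does not match %r' % (key, value, rules['pattern']))
    return errors


# Constructed role objects, as the validator would see them.
SAMPLES = {
    "empty object (the 'On instance: {}' case in this bug)": {},
    'rename': {'name': 'reader'},
    'whitespace-only name': {'name': '   '},
}

if __name__ == '__main__':
    for label, body in SAMPLES.items():
        print(label, '->', validate(body) or 'valid')
```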
