Can not change domain of role
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Invalid | Undecided | Unassigned | |
Bug Description
openstack --debug role set --domain default 707f0cc1809944c
BadRequest: {} does not have enough properties
Failed validating 'minProperties' in schema:
{'additiona
'minProper
'properties': {'name': {'maxLength': 255,
'type': 'object'}
On instance:
{} (HTTP 400) (Request-ID: req-88887cd7-
END return value: 1
journalctl -f -u <email address hidden>
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: DEBUG keystone.
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: WARNING keystone.
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: Failed validating 'minProperties' in schema:
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: {'additionalPro
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: 'minProperties': 1,
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: 'properties': {'name': {'maxLength': 255,
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: 'minLength': 1,
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: 'pattern': '[\\S]+',
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: 'type': 'string'}},
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: 'type': 'object'}
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: On instance:
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: {}: SchemaValidatio
Oct 15 08:39:50 openstack1 <email address hidden>[1718188]: [pid: 1718198|app: 0|req: 21145/169188] 10.110.56.114 () {64 vars in 1335 bytes} [Tue Oct 15 08:39:50 2019] PATCH /identity/
Version:
# git log
commit 79ed42ee6791538
Author: Raildo Mascena <email address hidden>
Date: Wed Jul 24 10:20:17 2019 -0300
Fix python3 compatibility on LDAP search DN from id
In Python 3, python-ldap no longer allows bytes for some fields (DNs,
RDNs, attribute names, queries). Instead, text values are represented
as str, the Unicode text type.
[1] More details about byte/str usage in python-ldap can be found at:
http://
Change-Id: I63e3715032cd8e
Related-Bug: #1798184
(cherry picked from commit 03531a56910b129
This is not a bug. A role's domain is not just a property but its namespace; a domain owns a role, same as it owns a user or a project. If it was allowed to change, anything that referred to it by its name and domain would suddenly find it missing. Instead of changing a role's domain, just create a new role in the domain.