fetching role assignments should handle domain IDs in addition to project IDs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Triaged
|
Low
|
Unassigned |
Bug Description
Description of problem:
Note: This affects releases in Queens+ (could be further back but I have only verified in Queens and Stein so far)
It is possible to pass through a domain ID as a project name while assigning a role to a user e.g.:
$ openstack domain show test-domain
+------
| Field | Value |
+------
| description | |
| enabled | True |
| id | 8de8ce3beda54ff
| name | test-domain |
| options | {} |
| tags | [] |
+------
$ openstack role add --user test-user --user-domain --project 8de8ce3beda54ff
However, this breaks the ability to pull a role assignment list e.g.:
$ openstack role assignment list --user-domain test-domain --user test-user --names
---
Actual results:
Returns a list of role assignments for test-user
Expected results:
object of type 'NoneType' has no len() (HTTP 400) (Request-ID: req-636e0da4-
---
How to reproduce:
$ openstack domain list
+------
| ID | Name | Enabled | Description |
+------
| 9f2174693c6b4da
| default | Default | True | The default domain |
+------
$ openstack domain create test-domain
+------
| Field | Value |
+------
| description | |
| enabled | True |
| id | 8de8ce3beda54ff
| name | test-domain |
| options | {} |
| tags | [] |
+------
$ openstack user create test-user --domain test-domain --password-prompt
User Password:
Repeat User Password:
+------
| Field | Value |
+------
| domain_id | 8de8ce3beda54ff
| enabled | True |
| id | 0cccd870c9a24cd
| name | test-user |
| options | {} |
| password_expires_at | None |
+------
$ openstack project create test-parent-project --domain test-domain
+------
| Field | Value |
+------
| description | |
| domain_id | 8de8ce3beda54ff
| enabled | True |
| id | dab81d58b96e410
| is_domain | False |
| name | test-parent-project |
| options | {} |
| parent_id | 8de8ce3beda54ff
| tags | [] |
+------
$ openstack project create test-sub-project --parent test-parent-project --domain test-domain
+------
| Field | Value |
+------
| description | |
| domain_id | 8de8ce3beda54ff
| enabled | True |
| id | 841bc53fff6d477
| is_domain | False |
| name | test-sub-project |
| options | {} |
| parent_id | dab81d58b96e410
| tags | [] |
+------
$ openstack role add --user test-user --user-domain test-domain --project
8de8ce3beda54f
$ openstack role assignment list --user-domain test-domain --user test-user --names
object of type 'NoneType' has no len() (HTTP 400) (Request-ID: req-636e0da4-
Changed in keystone: | |
status: | New → Triaged |
importance: | Undecided → Low |
I've created a story against OSC[1] to resolve the issue of how we are handling `domain IDs` being handed in as arguments for --project
[1] - https:/ /storyboard. openstack. org/#!/ story/2007194