Notice keystoneauth1 does {'unscoped': {}} while keystone server specifies 'unscoped'.
Luckily our code [2] in keystone server checks 'unscoped' in self.auth['scope'], which works with both representations:
>>> 'unscoped' in {'unscoped':{}}
True
>>> 'unscoped' in 'unscoped'
True
>>>
I wonder if that is something we would like to fix in order to make them consistent.
I'd vote for that, a patch in keystoneauth1, besides the doc improvement proposed would be great.
There is something weird to me here yet.
The mentioned keystoneauth code is creating the following body for an explicit unscoped token request:
{
"auth": {
"identity": {
...
},
"scope": {'unscoped': {}}
}
}
While our example in docs [1] mention:
{
"auth": {
"identity": {
...
},
"scope": "unscoped"
}
}
Notice keystoneauth1 does {'unscoped': {}} while keystone server specifies 'unscoped'.
Luckily our code [2] in keystone server checks 'unscoped' in self.auth['scope'], which works with both representations:
>>> 'unscoped' in {'unscoped':{}}
True
>>> 'unscoped' in 'unscoped'
True
>>>
I wonder if that is something we would like to fix in order to make them consistent.
I'd vote for that, a patch in keystoneauth1, besides the doc improvement proposed would be great.
[1] https:/ /developer. openstack. org/api- ref/identity/ v3/index. html?expanded= password- authentication- with-explicit- unscoped- authorization- detail
[2] https:/ /github. com/openstack/ keystone/ blob/ca35d00/ keystone/ auth/core. py#L235- L244