keystoneauth

Bug #1637682
Comment #5

Comment 5 for bug 1637682

Revision history for this message

Samuel de Medeiros Queiroz (samueldmq) wrote on 2017-03-29:

There is something weird to me here yet.

The mentioned keystoneauth code is creating the following body for an explicit unscoped token request:

{
    "auth": {
        "identity": {
            ...
        },
        "scope": {'unscoped': {}}
    }
}

While our example in docs [1] mention:

{
    "auth": {
        "identity": {
            ...
        },
        "scope": "unscoped"
    }
}

Notice keystoneauth1 does {'unscoped': {}} while keystone server specifies 'unscoped'.

Luckily our code [2] in keystone server checks 'unscoped' in self.auth['scope'], which works with both representations:

>>> 'unscoped' in {'unscoped':{}}
True
>>> 'unscoped' in 'unscoped'
True
>>>

I wonder if that is something we would like to fix in order to make them consistent.
I'd vote for that, a patch in keystoneauth1, besides the doc improvement proposed would be great.

[1] https://developer.openstack.org/api-ref/identity/v3/index.html?expanded=password-authentication-with-explicit-unscoped-authorization-detail

[2] https://github.com/openstack/keystone/blob/ca35d00/keystone/auth/core.py#L235-L244