Allow cinderclient to handle system-scoped tokens
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-cinderclient | New | High | Unassigned | | |
Bug Description
Keystone supports system-scoped tokens which are useful for operators accessing deployment-level APIs and resources.
Currently, cinderclient assumes that the cinder endpoint in the keystone service catalog will always have the project ID in the endpoint (using project ID templating). This makes it harder to allow cinder to consume system-scoped tokens since endpoint templating is bypassed for system-scoped tokens since they don't have a project ID.
A workaround for this problem is to provide a non-project ID cinder endpoint in the service catalog specifically for system users. This will require the cinderclient to append a fake value (e.g., the zero UUID) to the endpoint before sending the request to cinder.
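
The workaround described in this report, sketched as an added example; it is not cinderclient code. The function name `volume_base_url`, the project-ID pattern, and the host names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# The "fake value" the report suggests for system-scoped requests.
ZERO_UUID = "00000000-0000-0000-0000-000000000000"

# Assumption: a project ID is 32 hex characters or a dashed UUID.
_PROJECT_ID = re.compile(
    r"^(?:[0-9a-f]{32}|[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$", re.I)
# Unrendered catalog substitutions such as %(project_id)s or $(tenant_id)s.
_TEMPLATE = re.compile(r"[%$]\((?:project_id|tenant_id)\)s")


def volume_base_url(endpoint, project_id=None):
    """Return the URL prefix for cinder requests.

    endpoint   -- URL taken from the service catalog
    project_id -- project the token is scoped to, or None when the
                  token is system-scoped
    """
    if _TEMPLATE.search(endpoint):
        # The catalog entry was never rendered; using it would send a
        # literal template string to cinder.
        raise ValueError("endpoint contains an unrendered project ID template")

    parts = urlsplit(endpoint)
    segments = [s for s in parts.path.split("/") if s]

    if segments and _PROJECT_ID.match(segments[-1]):
        # Project-templated endpoint, already rendered. Refuse to reuse
        # it for a token scoped to something else.
        if project_id is None or segments[-1].lower() != project_id.lower():
            raise ValueError("endpoint project ID does not match token scope")
    else:
        # Non-project endpoint: append the token's project, or the zero
        # UUID placeholder when the token is system-scoped.
        segments.append(project_id or ZERO_UUID)

    return urlunsplit(parts._replace(path="/" + "/".join(segments)))


if __name__ == "__main__":
    # Constructed sample endpoints, not taken from a real deployment.
    print(volume_base_url("http://cinder.example:8776/v3"))
    print(volume_base_url("http://cinder.example:8776/v3/",
                          "3f2b8c1d9a7e4f60b5c4d2e1a0987654"))
```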
Changed in python-cinderclient:
importance: Undecided → High