User cannot perform self operations with unscoped token
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-keystoneclient |
Invalid
|
Undecided
|
Unassigned | ||
python-openstackclient |
New
|
Undecided
|
Unassigned |
Bug Description
$ cat ~/devel/
unset `env | awk -F= '/OS_/ {print $1}' | xargs`
export OS_PASSWORD=
export OS_USERNAME=
export OS_AUTH_URL=http://
. ~/devel/
openstack project list
Missing parameter(s):
Set a scope, such as a project or domain, set a project scope with --os-project-name, OS_PROJECT_NAME or auth.project_name, set a domain scope with --os-domain-name, OS_DOMAIN_NAME or auth.domain_name
openstack user show
Missing parameter(s):
Set a scope, such as a project or domain, set a project scope with --os-project-name, OS_PROJECT_NAME or auth.project_name, set a domain scope with --os-domain-name, OS_DOMAIN_NAME or auth.domain_name
openstack user show $OS_USERNAME
Missing parameter(s):
Set a scope, such as a project or domain, set a project scope with --os-project-name, OS_PROJECT_NAME or auth.project_name, set a domain scope with --os-domain-name, OS_DOMAIN_NAME or auth.domain_name
this is what Horizon does:
curl -H "X-Auth-Token: $AUTH_TOKEN" -H "Content-type: application/json" $OS_AUTH_ URL/v3/ auth/projects
{"links": {"self": "http:// x86.trystack. org:5000/ v3/auth/ projects", "previous": null, "next": null}, "projects": [{"is_domain": false, "description": "Auto created account", "links": {"self": "http:// x86.trystack. org:5000/ v3/projects/ 38db4610673545e 58a99d7c0ea7081 74"}, "enabled": true, "id": "38db4610673545 e58a99d7c0ea708 174", "parent_id": null, "domain_id": "default", "name": "facebook665086 733"}]}
In general, without a scoped token, keystone operations can only be performed against the AUTH_URL. Thus, the enumeration of user specific information must be under OS_AUTH_URL/v3/auth