The user create command is actually creating discrete users, each with a
"default tenant" reference.
While that's fine for a lot of simple use cases, it doesn't directly support a
user accessing multiple tenants at all.
Instead, create a role, and grant that role to a user-tenant pair, creating an
explicit relationship between the two. Using default tenants is optional with
this method, but will affect how users must auth.
-Dolph Mathews
On May 9, 2012, at 3:46 PM, Joshua Harlow <harlo...@yahoo-inc.com> wrote:
> A question,
>
> I am using anvil to setup the keystone roles/users/tenants.
>
> It seems like the python keystone client has the following command:
>
> client.users.create
>
> Which seems to take in the following:
>
> create(self, name, password, email, tenant_id=None, enabled=True):
>
> I would assume a user name can be used in multiple tenants but when I am
> trying to create a user that spans tenants and it seems like it borks.
>
> ClientException: Conflict occurred attempting to store user. (IntegrityError)
> (1062, "Duplicate entry 'admin' for key 'name'") 'INSERT INTO user (id, name,
> extra) VALUES (%s, %s, %s)' ('3e14a9c1fd404c7e81c0dba8bd640575', 'admin',
> '{"password":
> "$6$rounds=40000$yX5fL51OyGKjuPjr$8yv.S3GpqsKeaHv4GjNY4YW2vvykWzrEV7RX.qJpyy3CjmyXrZMRRJifEzfa7xv1l.NzoggQBXUAESn3Oqm0x/",
> "enabled": true, "email": "ad...@example.com", "tenantId":
> "d1506184877a449a91fc6adcb553ad97"}') (HTTP 409)
>
> Is this supposed to happen? Is the client supposed to send back this much
> info also (hashed password??) :-P
>
> Any ideas?
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
