The user create command is actually creating discrete users, each with a "default tenant" reference.
While that's fine for a lot of simple use cases, it doesn't directly support a user accessing multiple tenants at all. Instead, create a role, and grant that role to a user-tenant pair, creating an explicit relationship between the two. Using default tenants is optional with this method, but will affect how users must auth. -Dolph Mathews On May 9, 2012, at 3:46 PM, Joshua Harlow <harlo...@yahoo-inc.com> wrote: > A question, > > I am using anvil to setup the keystone roles/users/tenants. > > It seems like the python keystone client has the following command: > > client.users.create > > Which seems to take in the following: > > create(self, name, password, email, tenant_id=None, enabled=True): > > I would assume a user name can be used in multiple tenants but when I am > trying to create a user that spans tenants and it seems like it borks. > > ClientException: Conflict occurred attempting to store user. (IntegrityError) > (1062, "Duplicate entry 'admin' for key 'name'") 'INSERT INTO user (id, name, > extra) VALUES (%s, %s, %s)' ('3e14a9c1fd404c7e81c0dba8bd640575', 'admin', > '{"password": > "$6$rounds=40000$yX5fL51OyGKjuPjr$8yv.S3GpqsKeaHv4GjNY4YW2vvykWzrEV7RX.qJpyy3CjmyXrZMRRJifEzfa7xv1l.NzoggQBXUAESn3Oqm0x/", > "enabled": true, "email": "ad...@example.com", "tenantId": > "d1506184877a449a91fc6adcb553ad97"}') (HTTP 409) > > Is this supposed to happen? Is the client supposed to send back this much > info also (hashed password??) :-P > > Any ideas? > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp