Reviewed: https://review.openstack.org/282080 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c73a81e61d059f4ab9e9cc29bad5528e1459444b Submitter: Jenkins Branch: master
commit c73a81e61d059f4ab9e9cc29bad5528e1459444b Author: Matthew Edmonds <edmon...@us.ibm.com> Date: Thu Feb 18 17:02:09 2016 -0500 Allow user list without specifying domain With a single domain environment, users can be listed without specifying a domain. When moving to a multiple domain environment, this remains true for domain-scoped tokens but not for project-scoped tokens. Project-scoped tokens currently only work if the domain_id query parameter is specified. This has been a source of pain to many users, and is unnecessary. Just as the desired domain is assumed to be that to which the token is scoped when the token is domain-scoped, keystone can assume the desired domain is that of the project's domain when the token is project-scoped. Change-Id: I1d06935c06661109a523c5b4547ff01f23235a89 Closes-Bug: 1479578 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1479578 Title: Domain-specific config breaks some ops Status in OpenStack Identity (keystone): Fix Released Bug description: I set up a multi-domain config on my devstack and tried to do a simple: $ openstack user list with project-scoped environment variables (in fact I downloaded the admin-openrc.sh from Horizon). This results in: ERROR: openstack The request you have made requires authentication. (Disable debug mode to suppress these details.) (HTTP 401) (Request- ID: req-b687e823-9896-4905-83d3-b1e45fa966ed) If I disable domain-specific configs in the keystone.conf, it works again. If it *is* enabled, I can force a domain-specific request using something like: $ OS_TENANT_ID= OS_TENANT_NAME= OS_PROJECT_NAME= openstack --os- domain-name <name> user list However if I specify the default domain then I get this: ERROR: openstack User 0fa9633d884a42448bbd386778ca6b87 has no access to domain default (Disable debug mode to suppress these details.) (HTTP 401) (Request-ID: req-65e053e4-33c2-4b7b-aedf-30d3ef88735c) To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1479578/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp