Public bug reported: name is required in REST API, but CLI requires an extra argument --pass
# uname -a Linux havana 3.8.0-29-generic #42~precise1-Ubuntu SMP Wed Aug 14 16:19:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux # keystone-manage --version 2013.2 # keystone --version 0.3.2 # curl -i -X POST http://160.132.0.17:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: ac60d12b5b6c668f726a" -d '{"user": {"name": "test-create"}}' HTTP/1.1 200 OK Vary: X-Auth-Token Content-Type: application/json Content-Length: 92 Date: Wed, 29 Jan 2014 07:27:09 GMT {"user": {"enabled": true, "name": "test-create", "id": "f23d8e2835a0491db1f13a313446768d"}} # keystone user-create --name test-create Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400) if keystone cli supports creating an user without pass, we can update that user's password by: # keystone user-password-update test-create --pass xxx to verify this solution: # keystone user-role-add --user test-create --tenant admin --role admin # can be other tenant and role # keystone --os-username test-create --os-password xxx --os-tenant-name admin user-get test-create +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | enabled | True | | id | f23d8e2835a0491db1f13a313446768d | | name | test-create | +----------+----------------------------------+ the problem is that # keystone --debug user-create --name test-create WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). REQ: curl -i -X POST http://160.132.0.17:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: ac60d12b5b6c668f726a" REQ BODY: {"user": {"email": null, "password": null, "enabled": true, "name": "test-create", "tenantId": null}} RESP: [400] CaseInsensitiveDict({'date': 'Wed, 29 Jan 2014 07:43:58 GMT', 'vary': 'X-Auth-Token', 'content-length': '236', 'content-type': 'application/json'}) RESP BODY: {"error": {"message": "Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}} the server side can bare pass attribute is not set, but cannot accept it is None.... we can fix this via set --pass to SUPRESS or update the server side validation to treat None as not set and leave it blank in db backend, I would prefer fix both side, since some user may claim such problem when he try to send a rest.json={..., 'pass': null} to server. ref: https://github.com/openstack/keystone/blob/2013.2.1/keystone/common/utils.py#L100 ** Affects: keystone Importance: Undecided Assignee: ZhiQiang Fan (aji-zqfan) Status: New ** Affects: python-keystoneclient Importance: Undecided Assignee: ZhiQiang Fan (aji-zqfan) Status: New ** Changed in: python-keystoneclient Assignee: (unassigned) => ZhiQiang Fan (aji-zqfan) ** Also affects: keystone Importance: Undecided Status: New ** Changed in: keystone Assignee: (unassigned) => ZhiQiang Fan (aji-zqfan) ** Description changed: name is required in REST API, but CLI requires an extra argument --pass + + # uname -a + Linux havana 3.8.0-29-generic #42~precise1-Ubuntu SMP Wed Aug 14 16:19:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux + + # keystone-manage --version + 2013.2 # keystone --version 0.3.2 # curl -i -X POST http://160.132.0.17:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: ac60d12b5b6c668f726a" -d '{"user": {"name": "test-create"}}' HTTP/1.1 200 OK Vary: X-Auth-Token Content-Type: application/json Content-Length: 92 Date: Wed, 29 Jan 2014 07:27:09 GMT {"user": {"enabled": true, "name": "test-create", "id": "f23d8e2835a0491db1f13a313446768d"}} # keystone user-create --name test-create Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400) if keystone cli supports creating an user without pass, we can update that user's password by: # keystone user-password-update test-create --pass xxx to verify this solution: # keystone user-role-add --user test-create --tenant admin --role admin # can be other tenant and role # keystone --os-username test-create --os-password xxx --os-tenant-name admin user-get test-create +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | enabled | True | | id | f23d8e2835a0491db1f13a313446768d | | name | test-create | +----------+----------------------------------+ the problem is that # keystone --debug user-create --name test-create WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). REQ: curl -i -X POST http://160.132.0.17:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: ac60d12b5b6c668f726a" REQ BODY: {"user": {"email": null, "password": null, "enabled": true, "name": "test-create", "tenantId": null}} RESP: [400] CaseInsensitiveDict({'date': 'Wed, 29 Jan 2014 07:43:58 GMT', 'vary': 'X-Auth-Token', 'content-length': '236', 'content-type': 'application/json'}) RESP BODY: {"error": {"message": "Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}} the server side can bare pass attribute is not set, but cannot accept it is None.... we can fix this via set --pass to SUPRESS or update the server side validation to treat None as not set and leave it blank in db backend, I would prefer fix both side, since some user may claim such problem when he try to send a rest.json={..., 'pass': null} to server. ref: https://github.com/openstack/keystone/blob/2013.2.1/keystone/common/utils.py#L100 -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1273988 Title: keystoneclient requires --pass to create user while keystone doesn't Status in OpenStack Identity (Keystone): New Status in Python client library for Keystone: New Bug description: name is required in REST API, but CLI requires an extra argument --pass # uname -a Linux havana 3.8.0-29-generic #42~precise1-Ubuntu SMP Wed Aug 14 16:19:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux # keystone-manage --version 2013.2 # keystone --version 0.3.2 # curl -i -X POST http://160.132.0.17:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: ac60d12b5b6c668f726a" -d '{"user": {"name": "test-create"}}' HTTP/1.1 200 OK Vary: X-Auth-Token Content-Type: application/json Content-Length: 92 Date: Wed, 29 Jan 2014 07:27:09 GMT {"user": {"enabled": true, "name": "test-create", "id": "f23d8e2835a0491db1f13a313446768d"}} # keystone user-create --name test-create Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400) if keystone cli supports creating an user without pass, we can update that user's password by: # keystone user-password-update test-create --pass xxx to verify this solution: # keystone user-role-add --user test-create --tenant admin --role admin # can be other tenant and role # keystone --os-username test-create --os-password xxx --os-tenant-name admin user-get test-create +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | enabled | True | | id | f23d8e2835a0491db1f13a313446768d | | name | test-create | +----------+----------------------------------+ the problem is that # keystone --debug user-create --name test-create WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). REQ: curl -i -X POST http://160.132.0.17:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: ac60d12b5b6c668f726a" REQ BODY: {"user": {"email": null, "password": null, "enabled": true, "name": "test-create", "tenantId": null}} RESP: [400] CaseInsensitiveDict({'date': 'Wed, 29 Jan 2014 07:43:58 GMT', 'vary': 'X-Auth-Token', 'content-length': '236', 'content-type': 'application/json'}) RESP BODY: {"error": {"message": "Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}} the server side can bare pass attribute is not set, but cannot accept it is None.... we can fix this via set --pass to SUPRESS or update the server side validation to treat None as not set and leave it blank in db backend, I would prefer fix both side, since some user may claim such problem when he try to send a rest.json={..., 'pass': null} to server. ref: https://github.com/openstack/keystone/blob/2013.2.1/keystone/common/utils.py#L100 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1273988/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
