** No longer affects: keystone ** Summary changed:
- cannot use v3 token with v2 services + Nova cannot validate v3 token by default -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1427878 Title: Nova cannot validate v3 token by default Status in OpenStack Compute (Nova): New Bug description: Scenario: keystone is enabled for v3 with v3 policy Create two domains: default domain has service user accounts and projects - user domain is backed by ldap and has plain end user accounts Configure Horizon to be domain aware - hard code the user domain as the keystone domain to use by default Configure a user in the user domain to have admin rights over the default domain service project Can login to Horizon using a user from the user domain Problem: most operations fail - not authorized - but Identity operations work fine I edited keystone/token/providers/common.py - I commented out the line self._assert_default_domain(token_ref) in def validate_v2_token(self, token_ref) I restarted keystone Now, everything works fine - no errors Why isn't the service trying to validate the v3 token? To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1427878/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp