Public bug reported:

Delete token by owner (Logout from Horizon) as follows:

    curl -i -X DELETE http://0.0.0.0:5000/v2.0/tokens/0c9d279867564955a98767b6493e8f30 \
         -H "User-Agent: python-keystoneclient" \
         -H "X-Auth-Token: d13e923d3424485b8edae3496b9905be"

Then you get a "403 Forbidden" response caused by policy "admin_required" in assert_admin() in the API named "delete_token".

    HTTP/1.1 403 Forbidden
    Date: Sun, 12 Apr 2015 13:43:55 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_wsgi/3.4 Python/2.7.5
    Vary: X-Auth-Token
    x-openstack-request-id: req-f5097bcd-764d-4e72-8aee-0382df15bfbc
    Content-Length: 186
    Content-Type: application/json

    {"error": {"message": "You are not authorized to perform the requested action: identity:delete_token (Disable debug mode to suppress these details.)", "code": 403, "title": "Forbidden"}}

Also, there will be an error message in the Horizon logs:

    Could not delete token

The problem is mainly caused by the unreasonable admin role: member users who log out from Horizon are unable to delete their own tokens, resulting in large numbers of redundant tokens. In fact, it should be deleted by admin and owner.

** Affects: keystone
     Importance: Undecided
     Assignee: hongxiaolong (hongxiaolong-info)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => hongxiaolong (hongxiaolong-info)

https://bugs.launchpad.net/bugs/1443104

Title:
  Owners logout from Horizon are not allowed to delete token with v2 API.

Status in OpenStack Identity (Keystone):
  New
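The authorization decision this report asks for, as an added example that is not part of the original report and is not Keystone code: a simplified in-memory model comparing the admin-only check with an admin-or-owner check. The `Token` class, the `delete_token` signature, the `allow_owner` flag and the sample token IDs are assumptions made for illustration.

```python
# Added illustration: a simplified model, not Keystone source code.
from dataclasses import dataclass

class Unauthorized(Exception):
    """Caller's X-Auth-Token is unknown (HTTP 401)."""

class Forbidden(Exception):
    """Caller is authenticated but not allowed (HTTP 403)."""

class NotFound(Exception):
    """Target token does not exist (HTTP 404)."""

@dataclass(frozen=True)
class Token:
    user_id: str
    roles: frozenset

def delete_token(store, auth_token_id, target_token_id, allow_owner):
    """Delete target_token_id on behalf of the holder of auth_token_id.

    allow_owner=False models the admin-only check from the report;
    allow_owner=True models the requested admin-or-owner behaviour.
    """
    caller = store.get(auth_token_id)
    if caller is None:
        raise Unauthorized(auth_token_id)
    is_admin = "admin" in caller.roles
    target = store.get(target_token_id)
    # Ownership is decided by user_id, not by token equality: in the report
    # the X-Auth-Token and the token being deleted are different tokens.
    is_owner = target is not None and target.user_id == caller.user_id
    if not (is_admin or (allow_owner and is_owner)):
        # Checked before existence so non-admins cannot probe token IDs.
        raise Forbidden("identity:delete_token")
    if target is None:
        raise NotFound(target_token_id)
    del store[target_token_id]

def sample_store():
    # Constructed sample data: user "alice" holds two tokens.
    return {
        "tok-alice-1": Token("alice", frozenset({"member"})),
        "tok-alice-2": Token("alice", frozenset({"member"})),
        "tok-bob": Token("bob", frozenset({"member"})),
        "tok-admin": Token("root", frozenset({"admin"})),
    }
```

With `allow_owner=True` a member can revoke any of their own tokens at logout, while deleting another user's token still raises `Forbidden`.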