v2 default domain not respected via admin endpoint
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Henry Nash |
Bug Description
So I'm not sure if this is a bug or a feature I just don't want, but it seems that requesting a tenant list via the v2.0 API via the admin endpoint doesn't respect the "default" domain, so you see projects for all domains:
[shardy@localhost ~]$ keystone --os-token f3aaf1597ad546f
+------
| id | name | enabled |
+------
| 20aedb59aeb247b
| b5d498f9631244b
+------
[shardy@localhost ~]$ keystone --os-token f3aaf1597ad546f
+------
| id | name | enabled |
+------
| 20aedb59aeb247b
| 620f89a53d35496
| b5d498f9631244b
| b5caca84c0db452
| cbbffb57ff0149f
| be4cd31a14ab4ca
| 2752427c70784ed
| c8d527072b28424
| f7d52276b01c493
+------
This is particularly confusing when combined with the magic properties of keystoneclient's --os-tenant-name option, which means that if you specify the admin tenant (openrc admin admin), then it selects the admin endpoint:
[shardy@localhost ~]$ keystone --os-username admin --os-password foobar --os-auth-url http://
+------
| id | name | enabled |
+------
| 20aedb59aeb247b
| b5d498f9631244b
+------
[shardy@localhost ~]$ keystone --os-tenant-name admin --os-username admin --os-password foobar --os-auth-url http://
+------
| id | name | enabled |
+------
| 20aedb59aeb247b
| 620f89a53d35496
| b5d498f9631244b
| b5caca84c0db452
| cbbffb57ff0149f
| be4cd31a14ab4ca
| 2752427c70784ed
| c8d527072b28424
| f7d52276b01c493
+------
Can anyone clarify if this is working as designed or a bug?
tags: | added: havana-backport-potential |
Changed in keystone: | |
assignee: | nobody → Henry Nash (henry-nash) |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | icehouse-3 → 2014.1 |
Need to figure out if havana & grizzly are affected as well