Ask Your Question
0

Updating objects in Keystone using v3 API http patch error

asked 2014-08-23 16:02:59 -0500

astone gravatar image

updated 2014-08-26 09:36:19 -0500

smaffulli gravatar image

I've been trying update objects in keystone with the v3 API but keep receiving the same kind of message. For example, if i try to change the password of a user or if i try to change the description on a domain. It all boils down to takes exactly 4 non-keyword arguments...3 given

I'm completely lost as to why this is failing as it's following the same patterns explained in this API doc: http://developer.openstack.org/api-re...

Prove that the object does exist:

 INFO: 1 * Sending client request on thread main
1 > GET https://135.121.18.47:35357/v3/domains/f50f4689424d4a2ba6254924d0edb8d4
1 > X-Auth-Token: password

INFO: 2 * Client response received on thread main
2 < 200
2 < Connection: keep-alive
2 < Content-Length: 186
2 < Content-Type: application/json
2 < Date: Sat, 23 Aug 2014 20:56:15 GMT
2 < Vary: X-Auth-Token
{"domain": {"enabled": true, "id": "f50f4689424d4a2ba6254924d0edb8d4", "links": {"self": "https://135.121.18.47:35357/v3/domains/f50f4689424d4a2ba6254924d0edb8d4"}, "name": "wscDomain"}}

Update the description for the domain

INFO: 1 * Sending client request on thread main
1 > PATCH https://XXXX:35357/v3/domains/f50f4689424d4a2ba6254924d0edb8d4
1 > Content-Type: application/json
1 > X-Auth-Token: password
{
  "domain" : {
    "description" : "new description",
    "enabled" : true
  }
}

INFO: 2 * Client response received on thread main
2 < 400
2 < Connection: keep-alive
2 < Content-Length: 126
2 < Content-Type: application/json
2 < Date: Sat, 23 Aug 2014 20:56:15 GMT
2 < Vary: X-Auth-Token
{"error": {"message": "update_domain() takes exactly 4 non-keyword arguments (3 given)", "code": 400, "title": "Bad Request"}}

Here's the keystone log entries:

2014-08-23 21:04:12.243 1265 ERROR keystone.common.wsgi [-] update_domain() takes exactly 4 non-keyword arguments (3 given)
2014-08-23 21:04:12.243 1265 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-08-23 21:04:12.243 1265 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 207, in __call__
2014-08-23 21:04:12.243 1265 TRACE keystone.common.wsgi     result = method(context, **params)
2014-08-23 21:04:12.243 1265 TRACE keystone.common.wsgi   File "/usr/lib/python2.6/site-packages/keystone/common/controller.py", line 152, in inner
2014-08-23 21:04:12.243 1265 TRACE keystone.common.wsgi     return f(self, context, *args, **kwargs)
2014-08-23 21:04:12.243 1265 TRACE keystone.common.wsgi TypeError: update_domain() takes exactly 4 non-keyword arguments (3 given)

Here's my current situation (dev enviroment - passwords/id aren't important):

Role called 'admin'
Domain called 'testDomain'
Project called 'projectTest'
User called 'admin' with password 'admin' created in the domain 'testDomain' and has been assigned role 'admin'

I'm trying to change project enabled from true to false. Here's all the output.

###################################################
 FETCHING TOKEN AS USER ADMIN, WITH THE SCOPE OF THE DOMAIN
###################################################

Aug 25, 2014 11:51:59 AM org.glassfish.jersey.filter.LoggingFilter log
INFO: 1 * Sending client request on thread main
1 > POST https://x.x.x.x:35357/v3/auth/tokens
1 > Content-Type: application/json
{
  "auth" : {
    "identity" : {
      "methods" : [ "password" ],
      "password" : {
        "user" : {
          "name" : "admin",
          "domain" : {
            "id" : "f50f4689424d4a2ba6254924d0edb8d4"
          },
          "password" : "admin"
        }
      }
    },
    "scope" : {
      "domain" : {
        "id" : "f50f4689424d4a2ba6254924d0edb8d4"
      }
    }
  }
}

Aug 25 ...
(more)
edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2014-08-23 23:37:27 -0500

Haneef Ali gravatar image

updated 2014-08-24 00:34:32 -0500

Can you give few more details?

1) Are you using ADMIN token from config file?  If so can you try with proper token instead of ADMIN token from conf file. 
2) Which client are you using?

Update 1:

I believe keystone checks who can update the domain. (i.e) domain_id of the caller. If you use ADMIN token, keystone won't be getting domain_id of the caller, since ADMIN token doesn't refer to any user

edit flag offensive delete link more

Comments

Thanks for the reply. That is correct, I am using the password defined in the config as my token value. Would that make a difference? And why? I'll try with regular token. I am using a client I'm writing in Java. Intent is to act as full admin/control from within the client.

astone gravatar imageastone ( 2014-08-24 00:19:19 -0500 )edit

Thanks for the update. Didn't get a chance to try today but will tomorrow. I'm surprised that keystone would still need to validate the domain_id of the caller - shouldn't using the admin token completely bypass any kind of authorization checking? Essentially - admin token == god user - let them do all.

astone gravatar imageastone ( 2014-08-24 20:58:34 -0500 )edit

Which version are u using? I'm able to update using ADMIN token. Only the filters will have problem with ADMIN token. BTW mine is 2 week old code

Haneef Ali gravatar imageHaneef Ali ( 2014-08-25 11:35:36 -0500 )edit

I believe I'm using Icehouse version 3. Perhaps I'll spin up a VM with version 4 and try.

I installed using the following: yum install -y http://repos.fedorapeople.org/repos/o...

Thank you again for following up with me!

astone gravatar imageastone ( 2014-08-25 12:43:48 -0500 )edit

I looked at the code, and it may be the server is not getting data.

Can you do the following? Edit this file /usr/lib/python2.6/site-packages/keystone/common/controller.py Line 152, just print the args .ie print args or LOG.debug(args)

Haneef Ali gravatar imageHaneef Ali ( 2014-08-25 12:44:38 -0500 )edit
see more comments

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-08-23 16:02:59 -0500

Seen: 362 times

Last updated: Aug 26 '14

Related questions

Why is openstack still using api version v2 and not v3 for api endpoints?

How to find out who's logged into Horizon ?

Document keystone v3 migration

keystone and saml, shibboleth

locked out situation with default domain?

ERROR Insufficient Storage Account HEAD returning 503

Dashboard cannot access identity tab

Can I set tenant-id programmatically?

create stack api

Invalid OpenStack Identity credentials