Ask Your Question
0

Keystone v3 Bug Domain always falls on default

asked 2015-09-01 08:40:20 -0600

latest_release gravatar image

This should be a bug on keystone v3, I try to a authenticate a user but the end point auth always defaults to a default installation domain even though I pass a valid user domain during auth.

Here is how I do it

from keystoneclient.v3 import client
from keystoneclient.auth.identity import v3
from keystoneclient import session
#from keystoneclient import client
from keystoneclient.v3.client import exceptions

keystone = client.Client(user_domain="TestDomainAgain",
                        username="dev@s8-software.com", password="Test",
                        project_domain_name="TestDomain",
                        project_name="S8Wangolo",
                        auth_url="http://192.168.1.142:5000/v3"
                       )

The above always resulted in the following error

keystoneclient.openstack.common.apiclient.exceptions.Unauthorized: The request you have made requires authentication. (HTTP 401)

When I hooked in the endpoint and put some debugging message on the password module I realized that the domain I pass was ignored silently. Here we go below

AUTH PAYLOAD  {u'user': {u'domain': {u'id': u'default'}, u'password': u'Test', u'name': u'dev@s8-software.com'}}
USER INFO  {u'domain': {u'id': u'default'}, u'password': u'Test', u'name': u'dev@s8-software.com'}
Password Is  Test UserName is  dev@s8-software.com
DOMAIN REF  {'enabled': True, u'description': u'Owns users and tenants (i.e. projects) available on Identity API v2.', 'name': u'Default', 'id': u'default'} ID  default

The domain I pass in silently ignored and the default is used, which in these cases is seems to be v2. It seems they are trying to locate the user in the default domain with pain because he does not exists.

1) Am i missing something in the client.Client 2) Is it a bug

Am using Ubuntu 14.04 Icehouse.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
1

answered 2015-09-02 03:00:12 -0600

Tobias Urdin gravatar image

Hello,

Please see http://docs.openstack.org/developer/p...

I think you should use sessions since the non-session way of authenticate has bee deprecated.

In your example I think user_domain should be user_domain_name when you pass the parameter, you should anyway use sessions since the code you are writing will be using deprecated methods.

If you still have issues and nobody here can answer it I would assume you can file a bug on Launchpad. https://bugs.launchpad.net/keystone

Best regards

edit flag offensive delete link more

Comments

Thanks, as you said, i changed user_domain to user_domain_name, an it works. THANKS, and also got it working with sessions.

latest_release gravatar imagelatest_release ( 2015-09-03 06:53:08 -0600 )edit

I'm glad it helped you out, please mark it as answered to help other finding the same issue.

Tobias Urdin gravatar imageTobias Urdin ( 2015-09-04 01:46:21 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2015-09-01 08:40:20 -0600

Seen: 395 times

Last updated: Sep 02 '15