[api] The param "X-Subject-Token" is not needed in API "GET /v3/auth/projects"
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | Low | Kristi Nikolla |
Bug Description
In the API guide about "GET /v3/auth/projects", request param "X-Subject-Token" is needed and the description is "The authentication token. An authentication response returns the token ID in this header rather than in the response body.".
But this API call returns the list of projects that are available to be scoped to based on the X-Auth-Token provided in the request; "X-Subject-Token" is needless. Also, the description of the request param "X-Auth-Token" says "A valid authentication token for an administrative user."; it is wrong, this API does not need admin permission.
For example:
[root@newton ~]# openstack user list
+------
| ID | Name |
+------
| 0f1d08247293493
| 1f5d5b4c4b47455
| 2580828c8b2346f
| 4bf88609b359438
| 8c1e33157bd242f
| d3751d1b99a24ad
| e18f6644b2534d5
+------
[root@newton ~]#
[root@newton ~]#
[root@newton ~]# openstack user create test
+------
| Field | Value |
+------
| domain_id | default |
| enabled | True |
| id | bc4a40549c074df
| name | test |
| password_expires_at | None |
+------
[root@newton ~]# openstack project create test-project
+------
| Field | Value |
+------
| description | |
| domain_id | default |
| enabled | True |
| id | 42e84e39c3c34b6
| is_domain | False |
| name | test-project |
| parent_id | default |
+------
[root@newton ~]# openstack role create test-role
+------
| Field | Value |
+------
| domain_id | None |
| id | 1ba4a059c608410
| name | test-role |
+------
[root@newton ~]# openstack role add --user bc4a40549c074df
[root@newton ~]# openstack role assignment list | grep bc4a40549c074df
| 1ba4a059c608410
[root@newton ~]# export ADMIN_TOKEN=
[root@newton ~]# openstack user set --password 123 bc4a40549c074df
[root@newton ~]# export TEST_TOKEN=`curl -si -d '{"auth"
[root@newton ~]#
[root@newton ~]# echo $ADMIN_TOKEN
f5b0e5bb89d44ec
[root@newton ~]# echo $TEST_TOKEN
c30e3c7a5b56455
[root@newton ~]# curl -s -H "Content-type: application/json" -H "X-Auth-Token: f5b0e5bb89d44ec
{
"links": {
"next": null,
"previous": null,
"self": "http://
},
"projects": [
{
"id": "197ec32558754c
},
"name": "admin",
},
{
"id": "7adcaac45b3449
},
"name": "alt_demo",
},
{
"id": "8f70581e91df49
},
"name": "demo",
}
]
}
[root@newton ~]#
[root@newton ~]# curl -s -H "Content-type: application/json" -H "X-Auth-Token: f5b0e5bb89d44ec
{
"links": {
"next": null,
"previous": null,
"self": "http://
},
"projects": [
{
"id": "197ec32558754c
},
"name": "admin",
},
{
"id": "7adcaac45b3449
},
"name": "alt_demo",
},
{
"id": "8f70581e91df49
},
"name": "demo",
}
]
}
[root@newton ~]#
[root@newton ~]# curl -s -H "Content-type: application/json" -H "X-Auth-Token: 00862092ecc54ed
{
"links": {
"next": null,
"previous": null,
"self": "http://
},
"projects": [
{
"id": "42e84e39c3c34b
},
"name": "test-project",
}
]
}
[root@newton ~]#
description: updated
Changed in keystone:
milestone: none → pike-1
importance: Undecided → Low
Fix proposed to branch: master
Review: https://review.openstack.org/437973