Auth protocol doesn't work properly for admin users
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | Medium | Yogeshwar |
Bug Description
At present, keystone returns all tenants for admin users, which prevents us from implementing the auth protocol as described here: http://
* Create unscoped token UTOKEN using auth(username, password)
* Use UTOKEN to get a TENANT_LIST
* From TENANT_LIST choose TENANT
* Use auth(UTOKEN, TENANT) to get SCOPEDTOKEN
For admin users, TENANT_LIST may include tenants of which they are not members. Thus, auth(UTOKEN, NOTMYTENANT) will fail for those tenants.
Some strategies to fix this include:
* return a user-scoped list of tenants to admin users when they use publicURL or internalURL (I like this one!)
* Let admins switch between tenants freely even if they are not members (this still leaves initial auth complex)
* allow admins to filter the list à la nova's get /servers api
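
The four-step flow from the bug description, as an added example that is not part of the original report or keystone's code: a small in-memory model showing which listed tenants fail to scope when admins receive every tenant, compared with a user-scoped list. The user names, tenants and function names are hypothetical.

```python
import secrets

# Constructed sample data (not keystone's): credentials, admin flag, memberships.
USERS = {
    "alice": {"password": "pw-alice", "admin": True, "tenants": {"ops"}},
    "bob": {"password": "pw-bob", "admin": False, "tenants": {"dev", "qa"}},
}
ALL_TENANTS = {"ops", "dev", "qa"}
TOKENS = {}  # unscoped token -> username

class AuthError(Exception):
    pass

def auth_password(username, password):
    """Step 1: credentials -> unscoped token (UTOKEN)."""
    user = USERS.get(username)
    if user is None or not secrets.compare_digest(user["password"], password):
        raise AuthError("invalid credentials")
    token = secrets.token_hex(16)
    TOKENS[token] = username
    return token

def list_tenants(utoken, user_scoped):
    """Step 2: TENANT_LIST. user_scoped=False models the reported behaviour."""
    if utoken not in TOKENS:
        raise AuthError("unknown token")
    user = USERS[TOKENS[utoken]]
    if user["admin"] and not user_scoped:
        return sorted(ALL_TENANTS)  # includes tenants the admin does not belong to
    return sorted(user["tenants"])

def auth_token(utoken, tenant):
    """Step 4: UTOKEN + TENANT -> scoped token record; membership is required."""
    if utoken not in TOKENS:
        raise AuthError("unknown token")
    username = TOKENS[utoken]
    if tenant not in USERS[username]["tenants"]:
        raise AuthError(f"{username} is not a member of {tenant}")
    return {"user": username, "tenant": tenant, "id": secrets.token_hex(16)}

def failed_scopings(username, password, user_scoped):
    """Run the whole flow and return the listed tenants that cannot be scoped."""
    utoken = auth_password(username, password)
    failed = []
    for tenant in list_tenants(utoken, user_scoped):
        try:
            auth_token(utoken, tenant)
        except AuthError:
            failed.append(tenant)
    return failed
```
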
Changed in keystone:
status: New → Fix Committed
Changed in keystone:
status: Fix Committed → Confirmed
status: Confirmed → Fix Committed
Changed in keystone:
importance: Undecided → Medium
From an internal URL, can it return all tenants but for a public URL return only the user-scoped tenants?
I'm not 100% sure why it's returning all tenants right now and am checking on that.
Also, Anthony - is this a showstopper for Dashboard diablo?