OpenStack Identity (keystone)

Global role operations do not work

Bug #988737 reported by jiangkai zhang on 2012-04-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Invalid	Undecided	Unassigned

Bug Description

Debug #933565 has report GET /users/{user_id}/roles not implemented.

I have found that PUT /users/{user_id}/roles/OS-KSADM/{role_id} is not implemented too.

>>> keystone.roles._update("/users/2f14870588174f31a62d6bc52592cdfd/roles/OS-KSADM/1285ab5fd06a4437a58ee6f994207900",None,"roles")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/stack/python-keystoneclient/keystoneclient/base.py", line 94, in _update
    resp, body = methods[method](url, body=body)
  File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 172, in put
    return self._cs_request(url, 'PUT', **kwargs)
  File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 150, in _cs_request
    **kwargs)
  File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 130, in request
    raise exceptions.from_response(resp, body)
keystoneclient.exceptions.HTTPNotImplemented: User roles not supported: tenant_id required (HTTP 501)

DELETE /users/{user_id}/roles/OS-KSADM/{role_id} results in AttributeError:'RoleController' object has no attribute 'delete_role_from_user'.(HTTP 500)

>>> keystone.roles._delete("/users/2f14870588174f31a62d6bc52592cdfd/roles/OS-KSADM/1285ab5fd06a4437a58ee6f994207900")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/stack/python-keystoneclient/keystoneclient/base.py", line 88, in _delete
    resp, body = self.api.delete(url)
  File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 175, in delete
    return self._cs_request(url, 'DELETE', **kwargs)
  File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 150, in _cs_request
    **kwargs)
  File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 130, in request
    raise exceptions.from_response(resp, body)
keystoneclient.exceptions.ClientException: Unable to communicate with identity service: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/eventlet/wsgi.py", line 336, in handle_one_response
    result = self.application(self.environ, start_response)
  File "/usr/lib/python2.7/dist-packages/paste/urlmap.py", line 203, in __call__
    return app(environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/opt/stack/keystone/keystone/common/wsgi.py", line 299, in __call__
    response = request.get_response(self.application)
  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/opt/stack/keystone/keystone/common/wsgi.py", line 299, in __call__
    response = request.get_response(self.application)
  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/opt/stack/keystone/keystone/common/wsgi.py", line 299, in __call__
    response = request.get_response(self.application)
  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/opt/stack/keystone/keystone/common/wsgi.py", line 299, in __call__
    response = request.get_response(self.application)
  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/opt/stack/keystone/keystone/common/wsgi.py", line 322, in __call__
    resp = req.get_response(self.application)
  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__
    return resp(environ, start_response)
  File "/usr/lib/pymodules/python2.7/routes/middleware.py", line 131, in __call__
    response = self.app(environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__
    return resp(environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__
    return resp(environ, start_response)
  File "/usr/lib/pymodules/python2.7/routes/middleware.py", line 131, in __call__
    response = self.app(environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__
    return resp(environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__
    return resp(environ, start_response)
  File "/usr/lib/pymodules/python2.7/routes/middleware.py", line 131, in __call__
    response = self.app(environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 159, in __call__
    return resp(environ, start_response)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/opt/stack/keystone/keystone/common/wsgi.py", line 178, in __call__
    method = getattr(self, action)
AttributeError: 'RoleController' object has no attribute 'delete_role_from_user'
. (HTTP 500)

So all global role operation methods listed below will fail in python keystoneclient API, when tenant is None.

RoleManager.roles_for_user(self, user, tenant=None)
RoleManager.add_user_role(self, user, role, tenant=None)
RoleManager.remove_user_role(self, user, role, tenant=None)
UserManager.list_roles(self,user,tenant=None)

Revision history for this message

Joseph Heck (heckj) wrote on 2012-05-05:

We're removing the concept of "global" roles - roles are applicable only by tenant, not as a global state.

Changed in keystone:
status:	New → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.