cannot create user - 401 unauthoroized
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Unassigned |
Bug Description
I'm doing a PUT to /v2.0/users as ADMIN
eventlet.
But it fails with 401 Unauthorized.
Updating the code to print the request before creating
@utils.
def create_user(self, req):
print 'req %s' % req
user = utils.get_
print 'user %s' % user
print 'user.tenant_id %s' % user.tenant_id
return utils.send_
Shows that I'm tenant_id isn't being set:
{"user": {"tenant_id": "1234", "password": "asdf", "enabled": true, "id": "jesse", "email": "<email address hidden>"}}
user <keystone.
user.tenant_id None
Looking at logic/service.py:
dtenant = db_api.
if dtenant == None:
raise fault.Unauthori
Shows the exception.
Expected:
A user is created with primary tenant of 1234
Actual:
401 unauthorized
If the tenant is missing we should raise a BadRequestFault
if not isinstance(user, users.User):
raise fault.BadReques
We allow users without tenants. That was based on the conversation we had that you did not want to have to create a dummy tenant to park global users in. So creating a user without a tenant is supported, so it isn't a bad request. However, there obviously is a bug somewhere that maybe is not validating that the caller has the right to create a global user (a user without a tenant). I can add that test case...