Bug 1126869

Summary: Enumerate Projects with Unscoped Tokens
Product: Red Hat OpenStack Reporter: Nathan Kinder <nkinder>
Component: python-keystoneclientAssignee: Adam Young <ayoung>
Status: CLOSED NOTABUG QA Contact: Rodrigo Duarte <rduartes>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 5.0 (RHEL 6)CC: ayoung, jruzicka, nbarcet, nlevinki, yeylon
Target Milestone: z5Keywords: Rebase, Triaged, ZStream
Target Release: 6.0 (Juno)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-18 17:20:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1126594    

Description Nathan Kinder 2014-08-05 13:40:19 UTC
Creating a client with a session using an Unscoped tokens needs to set auth
info in client.  This Auth Info is necessary in order to enumerate
projects.  This is the standard login path for Horizon.

Comment 3 Nathan Kinder 2015-12-10 19:49:05 UTC
This is addressed in the upstream 0.11.2 release of python-keystoneclient.  We currently ship 0.11.1 in OSP6.  We should rebase to 0.11.2

Comment 5 Adam Young 2015-12-11 19:36:58 UTC
To verify, you need an unscoped token.  This can be done either by removing the default project ID for a user or by using the LDAP backend.  Do not set the OS_PROJECT_ID or OS_PROJECT_NAME variables either.

The CLI call `openstack project list` should be sufficient.  It should succeed with an unscoped token and list the project for the user.

Comment 6 Adam Young 2016-03-18 17:20:07 UTC
This is not tied to a customer, and is not a problem in the version of Horizon that was reported.  This is, instead, a feature that was under development at the time that has been merged upstream.