You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@jclouds.apache.org by "Ignasi Barrera (JIRA)" <ji...@apache.org> on 2018/05/01 14:13:00 UTC

[jira] [Commented] (JCLOUDS-1414) OpenStack Keystone V3: Support different "domain" for "identity/user" and "project"

    [ https://issues.apache.org/jira/browse/JCLOUDS-1414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16459707#comment-16459707 ] 

Ignasi Barrera commented on JCLOUDS-1414:
-----------------------------------------

Thanks for your investigations [~axel3rd]. This really helps. It's been quite challenging to refactor our Keystone support while keeping backward compatibility, so there are places where there might be some awkward stuff. Naming is one example (tenant vs project).
I think this needs a bit more work on the names of properties and constants (even if it just means duplicating some) or small tweaks to the properties formats.
Given all the work you have just done investigating this, would you like to try going one step further and open a pull request to improve this? I would be more than happy to help and assist you.

> OpenStack Keystone V3: Support different "domain" for "identity/user" and "project"
> -----------------------------------------------------------------------------------
>
>                 Key: JCLOUDS-1414
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1414
>             Project: jclouds
>          Issue Type: Improvement
>          Components: jclouds-core
>    Affects Versions: 2.1.0
>            Reporter: Alix Lourme
>            Priority: Minor
>              Labels: keystone, openstack
>
> The [OpenStack KeyStone V3|https://jclouds.apache.org/blog/2018/01/16/keystone-v3/] is great, but fails when OpenStack platform in endpoint requires a _identify/user_ *domain* different than _project_ *domain.*
> Consider this required content for https://[host]/v3/auth/tokens endpoint:
> {code}
> {
>     "auth": {
>         "identity": {
>             "methods": ["password"],
>             "password": {
>                 "user": {
>                     "name": "foo",
>                     "domain": {
>                         "name": "ldap"
>                     },
>                     "password": "bar"
>                 }
>             }
>         },
>         "scope": {
>             "project": {
>                 "name": "myTenantName",
>                 "domain": {
>                     "name": "default"
>                 }
>             }
>         }
>     }
> }
> {code}
> The [BaseAuthenticator|https://github.com/jclouds/jclouds/blob/f7b45341328410dea583901a31218a3588cb5aad/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/auth/functions/BaseAuthenticator.java#L84] is using always the same domain for the request :(.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)