You have been subscribed to a public bug: We found two problems related to updating user via keystone.
(1) Via, the instruction of updating user on, http://docs.openstack.org/api/openstack-identity- service/2.0/content/POST_updateUser_v2.0_users__userId__.html It is required POST action to update the existing user email, name, or description. Via my verification, POST to update existing user caused { "error": { "message": "The resource could not be found.", "code": 404, "title": "Not Found" } } The detailed detail for this test is, [root@lijunj ~]# curl -i http://localhost:35357/v3/users/fee07a4ebc014744b31564835b715aa1 -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: ADMIN" --data ' > { > "user": { > "id": "fee07a4ebc014744b31564835b715aa1", > "description": "v3 keystone user test", > "email": "none@", > "enabled": true > } > }' HTTP/1.1 404 Not Found Vary: X-Auth-Token Content-Type: application/json Content-Length: 93 Date: Mon, 15 Jul 2013 02:23:44 GMT {"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}} I ensure the id fee07a4ebc014744b31564835b715aa1 user which is exisitng already in environment. Below is the output of listing v3/users/fee07a4ebc014744b31564835b715aa1 [root@lijunj ~]# curl -i http://localhost:35357/v3/users/fee07a4ebc014744b31564835b715aa1 -X GET -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: ADMIN" HTTP/1.1 200 OK Vary: X-Auth-Token Content-Type: application/json Content-Length: 349 Date: Mon, 15 Jul 2013 02:24:51 GMT {"user": {"aa": "144442", "name": "test", "bb": "23", "debug- wrongattribute": "12345", "cc": "45", "enabled": true, "links": {"self": "http://localhost:5000/v3/users/fee07a4ebc014744b31564835b715aa1"}, "id": "fee07a4ebc014744b31564835b715aa1", "email": "[email protected]", "debug_wrongattribute": "12345", "domain_id": "default", "tenantId": ""}} The user fee07a4ebc014744b31564835b715aa1 was created for testing. We may discuss this document correction-ability. And, POST can not be done for updating user, but PUT action can be done. (2) Document in http://docs.openstack.org/ does not mention, updating user can support to refresh a user tenant id/ project id. And "keystone user-update" command does not allow to have any parameter to refresh tenant-id / project-id of a user. But REST API keeps silent for any clients attempting to change a existing user tenant id or project id. >From my test verification, in spite of changing tenant/project id for a existing user, the user still belongs to the original tenant / project. That means, updating tenant / project id for a user is invalid. --Create user curl -i http://localhost:35357/v2.0/users/ -X POST -H "Content-Type: application/json" -H "X-Auth-Token: ADMIN" --data ' { "user": { "name": "li-03", "description": "v2.0 keystone user test", "email": "none@", "tenantId": "ccaf7621482a41ce91d3ee824ff7c959", "password": "passw0rd", "enabled": true } }' Response: {"user": {"description": "v2.0 keystone user test", "name": "li-03", "enabled": true, "email": "none@", "id": "00027b03821f4b7590a1a94f865a61ff", "tenantId": "ccaf7621482a41ce91d3ee824ff7c959"}} -- List the tenant users. curl -i http://localhost:35357/v2.0/tenants/ccaf7621482a41ce91d3ee824ff7c959/users -X GET -H "Content-Type: application/json" -H "X-Auth-Token: ADMIN" {"users": [{"name": "sceagent", "id": "07d544b772ce4ab18592d165cea9b8da", "tenantId": ....//The content is not important. li-03 is in tenant ccaf7621482a41ce91d3ee824ff7c959 already. {"name": "li-03", "description": "v2.0 keystone user test", "enabled": true, "email": "none@", "id": "00027b03821f4b7590a1a94f865a61ff", "tenantId": "ccaf7621482a41ce91d3ee824ff7c959"}]} --Update user. Used anther tenant id inside, and rest api does not throw exception. curl -i http://localhost:35357/v2.0/users/00027b03821f4b7590a1a94f865a61ff -X PUT -H "Content-Type: application/json" -H "X-Auth-Token: ADMIN" --data ' { "user": { "name": "li-03", "description": "v2.0 keystone user test 01", "email": "none@", "tenantId": "e0cdb35aa15d45f998c308eb78407513", "password": "passw0rd", "enabled": true } }' Response: {"user": {"description": "v2.0 keystone user test 01", "name": "li-03", "extra": {"tenantId": "e0cdb35aa15d45f998c308eb78407513", "description": "v2.0 keystone user test 01", "email": "none@"}, "enabled": true, "email": "none@", "id": "00027b03821f4b7590a1a94f865a61ff", "tenantId": "e0cdb35aa15d45f998c308eb78407513"}} --List tenant e0cdb35aa15d45f998c308eb78407513 user curl -i http://localhost:35357/v2.0/tenants/e0cdb35aa15d45f998c308eb78407513/users -X GET -H "Content-Type: application/json" -H "X-Auth-Token: ADMIN" Response: {"users": []} The user was not updated to add into e0cdb35aa15d45f998c308eb78407513. >From above, we can not upate user to change a existing user tenant/project. Is >it good way we add the tight 'assert'/judgement for any attemption of >updating user tenantId property? ** Affects: keystone Importance: Undecided Status: Incomplete -- issues of updating user via keystone rest api https://bugs.launchpad.net/bugs/1201251 You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
