This is not a bug. A role's domain is not just a property but its
namespace; a domain owns a role, same as it owns a user or a project. If
it was allowed to change, anything that referred to it by its name and
domain would suddenly find it missing. Instead of changing a role's
domain, just create a new role in the domain.
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1848400
Title:
Can not change domain of role
Status in OpenStack Identity (keystone):
Invalid
Bug description:
openstack --debug role set --domain default
707f0cc1809944c89c063420ccc0436f
BadRequest: {} does not have enough properties
Failed validating 'minProperties' in schema:
{'additionalProperties': True,
'minProperties': 1,
'properties': {'name': {'maxLength': 255,
'minLength': 1,
'pattern': '[\\S]+',
'type': 'string'}},
'type': 'object'}
On instance:
{} (HTTP 400) (Request-ID: req-88887cd7-e6d5-4cc0-abfc-6d2c18aed525)
END return value: 1
journalctl -f -u devstack@keystone.service
Oct 15 08:39:50 openstack1 devstack@keystone.service[1718188]: DEBUG
keystone.common.authorization [None req-88887cd7-e6d5-4cc0-abfc-6d2c18aed525
None admin] RBAC: Authorization granted {{(pid=1718198) check_policy
/opt/stack/keystone/keystone/common/authorization.py:165}}
Oct 15 08:39:50 openstack1 devstack@keystone.service[1718188]: WARNING
keystone.common.wsgi [None req-88887cd7-e6d5-4cc0-abfc-6d2c18aed525 None admin]
{} does not have enough properties
Oct 15 08:39:50 openstack1 devstack@keystone.service[1718188]: Failed
validating 'minProperties' in schema:
Oct 15 08:39:50 openstack1 devstack@keystone.service[1718188]:
{'additionalProperties': True,
Oct 15 08:39:50 openstack1 devstack@keystone.service[1718188]:
'minProperties': 1,
Oct 15 08:39:50 openstack1 devstack@keystone.service[1718188]:
'properties': {'name': {'maxLength': 255,
Oct 15 08:39:50 openstack1 devstack@keystone.service[1718188]:
'minLength': 1,
Oct 15 08:39:50 openstack1 devstack@keystone.service[1718188]:
'pattern': '[\\S]+',
Oct 15 08:39:50 openstack1 devstack@keystone.service[1718188]:
'type': 'string'}},
Oct 15 08:39:50 openstack1 devstack@keystone.service[1718188]: 'type':
'object'}
Oct 15 08:39:50 openstack1 devstack@keystone.service[1718188]: On instance:
Oct 15 08:39:50 openstack1 devstack@keystone.service[1718188]: {}:
SchemaValidationError: {} does not have enough properties
Oct 15 08:39:50 openstack1 devstack@keystone.service[1718188]: [pid:
1718198|app: 0|req: 21145/169188] 10.110.56.114 () {64 vars in 1335 bytes} [Tue
Oct 15 08:39:50 2019] PATCH /identity/v3/roles/707f0cc1809944c89c063420ccc0436f
=> generated 452 bytes in 18 msecs (HTTP/1.1 400) 5 headers in 186 bytes (1
switches on core 0)
Version:
# git log
commit 79ed42ee67915383242541329dd5aa186f087ff2
Author: Raildo Mascena <rmasc...@redhat.com>
Date: Wed Jul 24 10:20:17 2019 -0300
Fix python3 compatibility on LDAP search DN from id
In Python 3, python-ldap no longer allows bytes for some fields (DNs,
RDNs, attribute names, queries). Instead, text values are represented
as str, the Unicode text type.
[1] More details about byte/str usage in python-ldap can be found at:
http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode
Change-Id: I63e3715032cd8edb11fbff7651f5ba1af506dc9d
Related-Bug: #1798184
(cherry picked from commit 03531a56910b12922afde32b40e270b7d68a334b)
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1848400/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
