What is the version of your keystone? My version is 2013.2~rc1-0ubuntu1~cloud0 I run same case on my host, (a) were encountered, but (b) not I try to run command with --debug, find user-role-list will use the authenticated user id as a default user-id, Please check whether your authenticated user had roles in the tenant So I think (a) is default behavior, is not a bug :)
(a) root@ubuntu-02:~# keystone user-role-list --tenant-id d5e7a29a420949d3a7ef1c0513c5477a root@ubuntu-02:~# keystone user-role-list --tenant-id d5e7a29a420949d3a7ef1c0513c5477a --user-id 63e367c0374e48a59e0e69f763590a35 +----------------------------------+----------+----------------------------------+----------------------------------+ | id | name | user_id | tenant_id | +----------------------------------+----------+----------------------------------+----------------------------------+ | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 63e367c0374e48a59e0e69f763590a35 | d5e7a29a420949d3a7ef1c0513c5477a | +----------------------------------+----------+----------------------------------+----------------------------------+ (b) root@ubuntu-02:~# keystone user-role-list --tenant service --user cinder +----------------------------------+--------+----------------------------------+----------------------------------+ | id | name | user_id | tenant_id | +----------------------------------+--------+----------------------------------+----------------------------------+ | c4327e8913ca41b59f61bd5f58d8e420 | Member | 89b87b9b584b40a09aae9d9283992444 | d5e7a29a420949d3a7ef1c0513c5477a | | 6d740d49f4424501a83439dcbd03e027 | admin | 89b87b9b584b40a09aae9d9283992444 | d5e7a29a420949d3a7ef1c0513c5477a | +----------------------------------+--------+----------------------------------+----------------------------------+ -----邮件原件----- 发件人: James [mailto:jamesze...@gmail.com] 发送时间: 2013年10月15日 4:43 收件人: openstack@lists.openstack.org 主题: [Openstack] keystone client issues All, Hoping someone can point me in the right direction with two questions I have. (a) Getting Roles from Tenant I'm trying to get list of *all users* that are part of a project, as follows: % keystone tenant-list | grep -i test-lab | 19371ce3a80b47e6bc31d7576c912de3 | train-lab-04 | True | % keystone user-role-list --tenant-id 19371ce3a80b47e6bc31d7576c912ce3 <-- empty response % keystone user-role-list --tenant-id 19371ce3a80b47e6bc31d7576c912de3 --user-id 08fda199e7e34348ab2d216d1ac18f9a +----------------------------------+--------+----------------------------------+----------------------------------+ | id | name | user_id | tenant_id | +----------------------------------+--------+----------------------------------+----------------------------------+ | bff399d92fa74d2e81ffdebb9cd4cc11 | member | 08fda199e7e34348ab2d216d1ac18f9a | 19371ce3a80b47e6bc31d7576c912ce3 | +----------------------------------+--------+----------------------------------+----------------------------------+ Is this a bug, or is there a way to get a list of all users that are members of a tenant? Seems like the user-role-list command should execute without a user-id being passed in. (b) Using Non-UUID Values I've seen some folks use usernames instead of UUIDs like this: keystone user-role-list --tenant <blah> --user <blah2> When I attempt do to this, I get the following error: An unexpected error prevented the server from fulfilling your request. global name 'user_ref' is not defined (HTTP 500) Is there something that prevents me from using usernames and plain tenant names instead of UUIDs, or is this a bug with the client? Thanks! _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
