<div dir="ltr"><br><div class="gmail_quote"><div dir="ltr">On Wed, Sep 21, 2016 at 9:03 AM Adrian Turjak <<a href="mailto:adriant@catalyst.net.nz" target="_blank">adriant@catalyst.net.nz</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Nope, default keystone policy has not allowed you to get your own user until this patch was merged:<br>
<a href="https://github.com/openstack/keystone/commit/c990ec5c144d9b1408d47cb83cb0b3d6aeed0d57" target="_blank">https://github.com/openstack/keystone/commit/c990ec5c144d9b1408d47cb83cb0b3d6aeed0d57</a></p>
<p dir="ltr">Sad but true it seems. :(<br></p></blockquote>Wow, you're right! That's certainly true for both liberty and mitaka in both of the policy files:<div><br></div><div>* <a href="https://github.com/openstack/keystone/blob/stable/liberty/etc/policy.json#L44" target="_blank">https://github.com/openstack/keystone/blob/stable/liberty/etc/policy.json#L44</a><br></div><div>* <a href="https://github.com/openstack/keystone/blob/stable/liberty/etc/policy.v3cloudsample.json#L49">https://github.com/openstack/keystone/blob/stable/liberty/etc/policy.v3cloudsample.json#L49</a><br></div><div>* <a href="https://github.com/openstack/keystone/blob/stable/mitaka/etc/policy.json#L44" target="_blank">https://github.com/openstack/keystone/blob/stable/mitaka/etc/policy.json#L44</a></div><div>* <a href="https://github.com/openstack/keystone/blob/stable/mitaka/etc/policy.v3cloudsample.json#L48">https://github.com/openstack/keystone/blob/stable/mitaka/etc/policy.v3cloudsample.json#L48</a><br></div><br class="inbox-inbox-Apple-interchange-newline"><div>I should also express a +1 for something along the lines of your original proposal. I'd go so far as to suggest that `openstack show user` (without a user ID or name as an argument) should return "me" (the authenticated user), as I think that'd be a better user experience.</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr"></p>
<p dir="ltr">On 22/09/2016 12:58 AM, Dolph Mathews <<a href="mailto:dolph.mathews@gmail.com" target="_blank">dolph.mathews@gmail.com</a>> wrote:<br>
> On Wed, Sep 21, 2016 at 12:31 AM Adrian Turjak <<a href="mailto:adriant@catalyst.net.nz" target="_blank">adriant@catalyst.net.nz</a>> wrote:<br>
>><br>
>> The default keystone policy up until Newton doesn't let a user get their<br>
>> own user<br>
><br>
><br>
> This seems to be the crutch of your issue - can you provide an example of this specific failure and the corresponding policy? As far as I'm aware, the default upstream policy files have allowed for this since about Grizzly or Havana, unless that's quietly broken somehow.<br>
> <br>
>> __________________________________________________________________________<br>
>> OpenStack Development Mailing List (not for usage questions)<br>
>> Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
>> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
><br>
> -- <br>
> -Dolph<br></p>
</blockquote></div></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr">-Dolph</div></div>