<html><head></head><body bgcolor="#FFFFFF"><div>The user create command is actually creating discrete users, each with a "default tenant" reference.</div><div><br></div><div>While that's fine for a lot of simple use cases, it doesn't directly support a user accessing multiple tenants at all.</div><div><br></div><div>Instead, create a role, and grant that role to a user-tenant pair, creating an explicit relationship between the two. Using default tenants is optional wi<span class="Apple-style-span" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.292969); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); ">th this method, but will affect how users must auth.</span></div><div><br>-Dolph Mathews</div><div><br>On May 9, 2012, at 3:46 PM, Joshua Harlow <<a href="mailto:harlowja@yahoo-inc.com">harlowja@yahoo-inc.com</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div>
<title>Keystone client, user belongs to many tenants?</title>
<font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt">A question,<br>
<br>
I am using anvil to setup the keystone roles/users/tenants.<br>
<br>
It seems like the python keystone client has the following command:<br>
<br>
client.users.create<br>
<br>
Which seems to take in the following:<br>
<br>
</span></font><font color="#323232"><font size="1"><font face="Courier, Courier New"><span style="font-size:9pt"> </span></font></font></font><font size="1"><font face="Courier, Courier New"><span style="font-size:9pt"><font color="#990606"><b>create</b></font><font color="#323232">(</font><font color="#999999">self</font><font color="#323232">, name, password, email, tenant_id<b>=</b></font><font color="#999999">None</font><font color="#323232">, enabled<b>=</b></font><font color="#999999">True</font><font color="#323232">):<br>
<br>
</font></span></font></font><font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size:11pt">I would assume a user name can be used in multiple tenants but when I am trying to create a user that spans tenants and it seems like it borks.<br>
<br>
ClientException: Conflict occurred attempting to store user. (IntegrityError) (1062, "Duplicate entry 'admin' for key 'name'") 'INSERT INTO user (id, name, extra) VALUES (%s, %s, %s)' ('3e14a9c1fd404c7e81c0dba8bd640575', 'admin', '{"password": "$6$rounds=40000$yX5fL51OyGKjuPjr$8yv.S3GpqsKeaHv4GjNY4YW2vvykWzrEV7RX.qJpyy3CjmyXrZMRRJifEzfa7xv1l.NzoggQBXUAESn3Oqm0x/", "enabled": true, "email": "<a href="admin@example.com">admin@example.com</a>", "tenantId": "d1506184877a449a91fc6adcb553ad97"}') (HTTP 409)<br>
<br>
Is this supposed to happen? Is the client supposed to send back this much info also (hashed password??) :-P<br>
<br>
Any ideas?</span></font>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Mailing list: <a href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a></span><br><span>Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a></span><br><span>Unsubscribe : <a href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a></span><br><span>More help : <a href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a></span><br></div></blockquote></body></html>