[Openstack] [openstack][keystone] keystone api can not list all tenants

Steve Martinelli s.martinelli at gmail.com
Thu Aug 4 14:31:02 UTC 2016 

Yeah, as Boris mentioned, hitting :5000/v2.0/tenants (as it says here
http://developer.openstack.org/api-ref/identity/v2/index.html?expanded=list-tenants-detail#list-tenants)
will only list tenants the token is scoped to.

If you want to list *all* tenants in the cloud, use :35357/v2.0/tenants -
the 35357 port is for "admin" requests (
http://developer.openstack.org/api-ref/identity/v2-admin/index.html?expanded=list-tenants-admin-endpoint-detail#list-tenants-admin-endpoint
)

In v3 of our API we don't distinguish between admin and non-admin
operations at the path/route/port level, but rather using policy, so
hitting :5000/v3 is the way to go moving forward

On Thu, Aug 4, 2016 at 8:20 AM, Boris Bobrov <bbobrov at mirantis.com> wrote:

> Hi,
>
> On 08/04/2016 03:00 PM, Liao Tonglang wrote:
>
>> Hi,
>>
>> I want to get all tenants of my openstack server, but the api just return
>> one of them:
>>
>>     curl -H "X-Auth-Token:<token-of-admin>" \
>>             http://187.160.2:5000/v2.0/tenants
>>
>
> Best option: use API v3: http://187.160.2:5000/v3/projects
>
> Worse option: use port 35357: http://187.160.2:35357/v2.0/tenants
>
>
>
>> and it just return one:
>>     {
>>                 "tenants_links": [],
>>                 "tenants":
>>                         [{
>>                                 "description": "admin tenant",
>>                                 "enabled": true,
>>                                 "id": "8deb55590cc344bf99b2efa227e069d0",
>>                                 "name": "admin"
>>                         }]
>>         }
>>
>> While the command "keystone tenant-list" can do it right:
>>
>>     [root at controller ~(keystone_admin)]# keystone tenant-list
>>     +----------------------------------+----------+---------+
>>     |                id                |   name   | enabled |
>>     +----------------------------------+----------+---------+
>>     | 8deb55590cc344bf99b2efa227e069d0 |  admin   |   True  |
>>     | c044a216fdf643dea1ece022b8122614 |   demo   |   True  |
>>     | 48168a537442481e8254f9c018cb3215 |   mjj    |   True  |
>>     | 6686ee05ec264124847ddf0da2dde217 | services |   True  |
>>     +----------------------------------+----------+---------+
>>
>> So how can I let api do the same action as command "tenant-list"?
>>
>>
>> _______________________________________________
>> Mailing list: http://lists.openstack.org/cgi
>> -bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe : http://lists.openstack.org/cgi
>> -bin/mailman/listinfo/openstack
>>
>>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac
> k
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstac
> k
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160804/366cb21e/attachment.html>

More information about the Openstack mailing list