openstack/horizon
Code Issues Proposed changes

Force scope when listing domains

Browse Source 
since Caracal, when using domain-scoped token, keystone only returns
the domain the token is scoped to when listing domains [0].

Since Horizon does some behind-the-scenes swap of token scope when
doing some requests to Keystone, this breaks the Identity->Domains panel
for admins.

This patch forces the domain_list call to always use the original
auth scope, w/o a swap to the domain-scoped token.

[0] https://review.opendev.org/c/openstack/keystone/+/900028

Closes-Bug: #2067075
Change-Id: I4ff5f2de01c0bb13cfbb5136f40afe8187135686
This commit is contained in:
Pavlo Shchelokovskyy
2024-05-24 13:57:17 +00:00
parent a4404445ab
commit 964623e16b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
openstack_dashboard/api/keystone.py
View File

@@ -221,7 +221,7 @@ def domain_delete(request, domain_id):
@profiler.trace
def domain_list(request):
manager = keystoneclient(request, admin=True).domains
manager = keystoneclient(request, admin=True, force_scoped=True).domains
return manager.list()