OpenStack Heat

Should be able to remove authtoken middleware without breaking

Bug #1259364 reported by Richard Lee
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Heat
Fix Released
Medium
andersonvom
OpenStack Heat 2014.1 "icehouse"

Bug Description

If I authenticate against keystone separately before heat and pass in the required auth headers, then I should still be able to use heat without having to authenticate one more time going through the authtoken middleware.

The authtoken middleware adds a X-Auth-Url header that is required for the resource clients, so removing the middleware, even if all keystone auth headers are passed into heat, would break the clients.

Since X-Auth-Url doesn't come from keystone, this logic should be moved to a different middleware to prevent having to double authenticate as mentioned before.

See original description
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/60991

Changed in heat:
assignee: nobody → andersonvom (andersonvom)
status: New → In Progress
Thomas Herve (therve)
Changed in heat:
milestone: none → icehouse-2
importance: Undecided → Medium
Steve Baker (steve-stevebaker)
Changed in heat:
milestone: icehouse-2 → icehouse-3
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/68800

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to heat (master)

Reviewed: https://review.openstack.org/60991
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=1e71566169d9ffb34ed4e1bdf3f264cbdbb567cb
Submitter: Jenkins
Branch: master

commit 1e71566169d9ffb34ed4e1bdf3f264cbdbb567cb
Author: Anderson Mesquita <email address hidden>
Date: Tue Jan 14 10:23:08 2014 -0600

    Assign X-Auth-Url header in a separate middleware

    authtoken middleware's current purpose is to set X-Auth-Url header to a
    value read from heat.conf.

    Since this value is not really related to anything the keystone
    middleware does and is instead read from a config file, it makes sense
    to move it from the authtoken middleware into its own middleware

    This change is the first step to grouping all X-Auth-Url related logic
    into one single middleware as opposed to have it scattered (or possibly
    repeated) in auth_token and auth_password. For example, auth_password
    also has some logic around it related to multi-cloud, which can be
    extracted and moved to auth_url middleware in a later patch, so that all
    handling of X-Auth-Url occurs in one place.

    Also, by extracting the X-Auth-Url logic, it allows cloud
    providers to remove auth_token or auth_password without side-effects.

    Closes-Bug: #1259364
    Change-Id: Ieb251c18aa091391a28a90c495b61cf41436f8b9

Changed in heat:
status: In Progress → Fix Committed
andersonvom (andersonvom)
description: updated
description: updated
Richard Lee (rblee88)
description: updated
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to heat (master)

Reviewed: https://review.openstack.org/68800
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=9ce4ab13380f96bdaf15311d560cf8a4735f94c8
Submitter: Jenkins
Branch: master

commit 9ce4ab13380f96bdaf15311d560cf8a4735f94c8
Author: Anderson Mesquita <email address hidden>
Date: Tue Jan 14 16:13:16 2014 -0600

    Move X-Auth-Url logic to auth_url middleware

    Refactoring the auth_password middleware to move X-Auth-Url logic
    into the auth_url middleware, so that all X-Auth-Url logic is
    handled in one place.

    This also adds the auth_url middleware in front of the auth_password
    middleware, so that there should be no behavior change

    Co-Authored-By: Richard Lee <email address hidden>
    Related-Bug: #1259364
    Change-Id: I3819cbf1a4c4955752dc7c804b0add1bab2b962c

Thierry Carrez (ttx)
Changed in heat:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in heat:
milestone: icehouse-3 → 2014.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.