Keystone API v3 lists disabled endpoints and services in catalog
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Dolph Mathews |
Bug Description
When endpoint or service has "enabled" attribute set to "False", it is still listed in catalog (`keystone catalog` command and/or in catalog part of token.
Create testing service (simplifies output later):
> localhost:5000
> POST /v3/services
> '{"service"
response:
> {'service': {'id': '<SERVICE-ID>',
> 'links': {'self': 'http://
> 'name': 'My svc',
> 'type': 'testing'}}
Create disabled endpoint:
> localhost:5000
> POST /v3/endpoints
> '{"endpoint":{
> "enabled":false,
> "name":"My disabled",
> "interface"
> "url":"
> "service_
response:
> {'endpoint': {'enabled': False,
> 'id': '<ENDPOINT-ID>',
> 'interface': 'public',
> 'links': {'self': 'http://
> 'name': 'My disabled',
> 'region': None,
> 'service_id': '<SERVICE-ID>',
> 'url': 'disabled_URL'}}
Now request token and see that it's catalog/endpoints part contains:
> localhost:5000
> POST /v3/auth/tokens
> '{"auth":{
> "identity":
> {"methods"
> "password":{
> "user":
> "scope"
snippet of response:
> {'token': {'catalog': [
> ...
> {'endpoints': [{'enabled': False,
> 'id': '<ENDPOINT-ID>',
> 'interface': 'public',
> 'legacy_
> 'name': 'My disabled',
> 'region': None,
> 'url': 'disabled_URL'}],
> 'id': '<SERVICE-ID>',
> 'type': 'testing'},
> ...
Also it gets listed in response of `keystone catalog` (API v2):
> # keystone catalog --service testing
> Service: testing
> +------
> | Property | Value |
> +------
> | id | <ENDPOINT-ID> |
> | publicURL | disabled_URL |
> | region | |
> +------
The same example applies to Service with enabled=false.
See https:/
And https:/
Changed in keystone: | |
assignee: | Brant Knudson (blk-u) → nobody |
status: | In Progress → Triaged |
Changed in keystone: | |
assignee: | nobody → Brant Knudson (blk-u) |
Changed in keystone: | |
milestone: | icehouse-3 → icehouse-rc1 |
Changed in keystone: | |
milestone: | icehouse-rc1 → icehouse-3 |
Changed in keystone: | |
milestone: | icehouse-3 → icehouse-rc1 |
Changed in keystone: | |
assignee: | Dolph Mathews (dolph) → David Stanek (dstanek) |
Changed in keystone: | |
assignee: | David Stanek (dstanek) → Dolph Mathews (dolph) |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | icehouse-rc1 → 2014.1 |
well, I don't think just make it simply invisible in catalog is a good idea.