python-barbicanclient

Endpoint argument is ignored if authentication is used

Bug #1276002 reported by John Vrbanac
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-barbicanclient
Fix Released
High
Douglas Mendizábal
python-barbicanclient 3.0.0

Bug Description

When you provide both auth and endpoint arguments, the endpoint is completely ignored.

Example:
barbican --os-username {username} --os-password {password} --os-tenant-name {tenant} --os-auth-url {auth_uri} --endpoint {endpoint_uri} secret store --name 'test'

The client uses the uri provided in the service catalog on auth and completely ignore the endpoint given explicitly as an argument. This shouldn't be the case. If the user explicitly specifies a different endpoint, then that is what should be used. This especially affects test environments where you will be targeting a development endpoint that is different than what is listed in the keystone service catalog.

Tests:
 - All CLI tests when auth is configured.

Revision history for this message
Jarret Raim (jarret-raim) wrote :

This doesn't seem to be a bug? If you authenticate against a keystone instance, the only services that should accept that token have to be in that keystone's service catalog. Why would you need to authenticate against a keystone and use a service not in its catalog?

Douglas Mendizábal (dougmendizabal)
Changed in python-barbicanclient:
assignee: nobody → Douglas Mendizábal (dougmendizabal)
milestone: none → 3.0.0
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-barbicanclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/127862

Changed in python-barbicanclient:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-barbicanclient (master)

Reviewed: https://review.openstack.org/127862
Committed: https://git.openstack.org/cgit/openstack/python-barbicanclient/commit/?id=ddec180c419132589fac4d689ec1904b1b698f24
Submitter: Jenkins
Branch: master

commit ddec180c419132589fac4d689ec1904b1b698f24
Author: Douglas Mendizabal <email address hidden>
Date: Sun Oct 12 20:25:07 2014 -0500

    Refactored Client to use Keystone Sessions

    This CR changes the Client to use Keystone Sessions exclusively. All
    authentication that was previously available in barbicanclient is
    removed so that we can defer all authentication to keystoneclient.

    Unit tests for the client module have been refactored to test the new
    functionality.

    The README file has been updated to give an example of how to
    authenticate with Identity v3 using Sessions.

    The Client will now give priority to an endpoint that is passed in over
    endpoints found in the service catalog, which closes bug #1276002. This
    is helpful for development, where you might be running an instance of
    Barbican locally that uses a Keystone instance for authentication that
    does not have the Barbican service in its catalog.

    The CLI uses Keystone API v3 as the default authentication method, but
    can also use v2.0.

    DocImpact
    Implements: blueprint use-keystone-sessions
    Closes-Bug: #1276002

    Change-Id: I9d07cb50143c1f5cafea48318018a205f745999f

Changed in python-barbicanclient:
status: In Progress → Fix Committed
Douglas Mendizábal (dougmendizabal)
Changed in python-barbicanclient:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.