HTTPUnauthorized does not include Keystone uri
Bug #1349364 reported by
Salvatore Pinto
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
Invalid
|
Undecided
|
Unassigned | ||
keystonemiddleware |
Fix Released
|
Medium
|
Jamie Lennox |
Bug Description
Patch for https:/
Attached patch changes this behavior, setting the www-authenticate header to "Keystone uri" for the Keystone authentication scheme.
Changed in swift: | |
assignee: | nobody → Salvatore Pinto (salvatore-pinto) |
status: | New → In Progress |
Changed in keystonemiddleware: | |
milestone: | none → 1.2.0 |
Changed in keystonemiddleware: | |
importance: | Undecided → Medium |
Changed in keystonemiddleware: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
The original reason that www-authenticate returns a catch-all "swift" response is that the auth_uri parameter is not available to keystoneauth. The proxy-server.conf file looks like::
[filter: auth_token] /identity- endpoint/ v2.0
...
auth_uri = https:/
...
[filter: keystoneauth] keystoneauth
use = egg:swift#
It might seem a trivial change to move the auth_uri to the [default] section or to make a copy in [filter: keystoneauth] . However, that requires action by deployers....so your proposed patch is not backward compatible.