OpenStack Dashboard (Horizon)

neutron requests missing tenant_id in certain keystone configurations

Bug #1400418 reported by Kevin Benton on 2014-12-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Dashboard (Horizon)	Fix Released	Undecided	Kevin Benton	OpenStack Dashboard (Horizon) 2015.1.0 "kilo"

Bug Description

None of the Neutron object create requests include the tenant_id that should own the object. This is fine when the tenant_id is explicitly set in the keystone context passed to Neutron because it derives the tenant_id from that. However, if another keystone authentication method is used that only sets the token, the tenant_id won't be present and Neutron will give the following error to create requests:

"Running without keystone AuthN requires that tenant_id is specified"

OpenStack Infra (hudson-openstack) on 2014-12-08

Changed in horizon:
assignee:	nobody → Kevin Benton (kevinbenton)
status:	New → In Progress

Revision history for this message

Lin Hua Cheng (lin-hua-cheng) wrote on 2014-12-08:

https://review.openstack.org/#/c/133884/

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-10: Fix merged to horizon (master)

Reviewed: https://review.openstack.org/133884
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=b29a5eff1b62b418159aa4689adeac8f396e56c9
Submitter: Jenkins
Branch: master

commit b29a5eff1b62b418159aa4689adeac8f396e56c9
Author: Kevin Benton <email address hidden>
Date: Fri Dec 5 11:42:13 2014 -0800

Provide tenant_id in Neutron create requests

    Include the tenant_id explicitly in the Neutron object creation
    requests rather than assuming that all of the information can
    be derived from Keystone. This fixes deployments that only pass
    tokens to Neutron.

Closes-Bug: #1400418
Change-Id: I10d50c202c7fd156455a97c6a5451225154ae0bc

Changed in horizon:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2014-12-18

Changed in horizon:
milestone:	none → kilo-1
status:	Fix Committed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-20: Fix proposed to horizon (stable/icehouse)

Fix proposed to branch: stable/icehouse
Review: https://review.openstack.org/143260

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-20: Fix proposed to horizon (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/143261

Revision history for this message

Akihiro Motoki (amotoki) wrote on 2014-12-29:

Although I could not chime in the review of the master branch, I wonder why tenant_id always needs to be passed to Neutron when creating a Neutron resource. I think POST without tenant_id is very common case in OpenStack REST API, so why we need to treat Neutron specially. Is it a common practice across all OpenStack projects? If not, it is not a Horizon problem but a Neutron issue. Could you clarify the condition where this bug occurs more? Is it a special case for Neutron? If so, we should consider it is fixed in Neutron and only if it cannot be fixed in neutron we should add a workaround in Horizon.

Revision history for this message

Kevin Benton (kevinbenton) wrote on 2014-12-29:

This happens when using 'noauth' on the Neutron side.

Revision history for this message

Akihiro Motoki (amotoki) wrote on 2015-01-05:

Horizon requires keystone. I am not sure we need to support a case where keystone is enabled but neutron does not use keystone.
There are several services which support to skip keystone auth (such as Glance). It is not specific to Neutron.
I am just afraid we are going to ad-hoc way...

Revision history for this message

Kevin Benton (kevinbenton) wrote on 2015-01-05:

If horizon is the only public facing component, neutron can have keystone disabled since it's in a trusted network.

Revision history for this message

Dave Walker (davewalker) wrote on 2015-03-04:

@Kevin, have you been able to progress this with Neutron core?

Revision history for this message

Kevin Benton (kevinbenton) wrote on 2015-03-09:

#10

It ultimately depends on if we want Horizon to support deployments where Keystone is not enabled on one of the services. Akihiro mentioned Glance has a deployment like that, is it okay to do the same thing for Neutron?

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-04-21: Change abandoned on horizon (stable/icehouse)

#11

Change abandoned by Kevin Benton (<email address hidden>) on branch: stable/icehouse
Review: https://review.openstack.org/143260
Reason: no interest in supporting limited keystone environments.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-04-21: Change abandoned on horizon (stable/juno)

#12

Change abandoned by Kevin Benton (<email address hidden>) on branch: stable/juno
Review: https://review.openstack.org/143261
Reason: no interest in supporting limited keystone environments.

Thierry Carrez (ttx) on 2015-04-30

Changed in horizon:
milestone:	kilo-1 → 2015.1.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.