Cannot force v2password auth plugin
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-openstackclient |
Fix Released
|
High
|
Jamie Lennox |
Bug Description
To make OSC do v2 authentication with the keystone V3 APIs (which is necessary short term to update devstack to v3 everywhere) we need to force the use of the v2password plugin, otherwise OSC defaults to v3 auth.
The keystoneclient v2password plugin registers the project scoping parameters as --os-tenant-id and --os-tenant-name because this is what they were called in v2. I do not think that the v2 password plugin should look for the --os-project-id and --os-project-name params because the intended use case of plugins is that you would specify a plugin name and know what arguments that plugin took, and 'projects' didn't exist in v2.
In OSC we register all the options for all the plugins on the system at initialize time, this is something we should fix anyway. During this process we register the --os-tenant-X options with an os_project_X destination (attribute name on parsed namespace object) from the generic password plugin before the v2password plugin can register it to the os_tenant_X attribute. I suspect this would change based on the ordering of plugins but i haven't tried this.
When os-client-config is told that it should look up the auth parameters for v2password it tries to find the tenant_X parameters on the parsed namespace and fails because those values have been saved to the project_X parameters. It therefore returns auth options that don't include the tenant scope.
OSC then tries to validate the options it receives from OCC and because there is no project_X or domain_X scoping information it fails validation.
The best solution to this is to not register every plugin to argparse and use the keystoneclient.
Changed in python-openstackclient: | |
status: | New → In Progress |
assignee: | nobody → Jamie Lennox (jamielennox) |
milestone: | none → m13 |
milestone: | m13 → m12 |
Changed in python-openstackclient: | |
importance: | Undecided → High |
status: | Fix Committed → Fix Released |
--os-auth-type doesn't work for this?