openstackclient fails with --os-token and --os-url
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-openstackclient |
Fix Released
|
Critical
|
Dean Troyer |
Bug Description
Since https:/
Test:
export OS_IMAGE_
export OS_IDENTITY_
export OS_TOKEN=
export OS_URL=http://
Try any operation:
[root@packstack2 ~]# openstack service list
WARNING: openstackclient
WARNING: openstackclient
'StrOpt' object has no attribute 'deprecated'
And returns 1.
With a version before merging that patch:
# openstack service create compute
WARNING: openstackclient
WARNING: openstackclient
+------
| Field | Value |
+------
| enabled | True |
| id | 780dab36834b45f
| name | |
| type | compute |
+------
[root@packstack2 ~]# openstack service list
WARNING: openstackclient
WARNING: openstackclient
+------
| ID | Name | Type |
+------
| 780dab36834b45f
+------
Note this is having a high impact as this mechanism is used to bootstrap keystone in different deployment tools.
no longer affects: | python-openstackclient (Ubuntu) |
Changed in python-openstackclient: | |
assignee: | nobody → Adam Young (ayoung) |
Changed in python-openstackclient: | |
status: | New → Triaged |
importance: | Undecided → Critical |
assignee: | Adam Young (ayoung) → Dean Troyer (dtroyer) |
This is one of those things that has multiple causes, uncovered by the commit referenced above in the report.
* KSA (and KSC before it) auth plugins have never properly supported the original token/endpoint authentication. KSA now has token_endpoint. Token which handles the plugin part correctly, however there is no compatible loader for it. I4ddb2dbbb3bf2a b37494468eaf65c ef9213a6e00 attempted to convert the TokenEndpoint plugin in OSC to a loader, but was incomplete. client_ config. OSC_Config ready to add a hook to o-c-c's get_one_cloud() method that lets us replace select_ auth_plugin( ) and build_auth_params() and call them at the right time in the o-c-c handling flow.
* os-client-config performs KSA plugin loading (!!!!!) causing things to happen way before OSC is ready. OSC already had common.
The plan is to fix the TokenEndpoint auth plugin loader and switch to using OSC_Config. These two changes (combined) will get the auth arguments set up correctly for o-c-c to do its thing and not choke on --os-url and --os-token options.