Keystone middleware auth_token assumes top level URL when making http connection

Bug #994860 reported by Adam Young
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Adam Young

Bug Description

THe auth_uri is built up in the initialization code:

        default_auth_uri = '%s://%s:%s' % (auth_protocol,
                                           self.auth_host,
                                           self.auth_port)
        self.auth_uri = conf.get('auth_uri', default_auth_uri)

but to make an http connection, it uses the auth_host and auth_port:

    def _get_http_connection(self):
        return self.http_client_class(self.auth_host, self.auth_port)

This prevents Keystone from being run using a different URI scheme such as:

https://hostname/keystone/main/v2.0

Adam Young (ayoung)
Changed in keystone:
assignee: nobody → Adam Young (ayoung)
Joseph Heck (heckj)
Changed in keystone:
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
Adam Young (ayoung) wrote :

The q

summary: - Keystone middleware auth_token ignores auth_uri when making http
+ Keystone middleware auth_token assumes top level URL when making http
connection
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/7156

Changed in keystone:
status: Triaged → In Progress
Revision history for this message
Adam Young (ayoung) wrote :

Testing done:

On a Devstack instance, running with this patch, I was able to get Glance to talk to a Keystone instance running inside of HTTPD with https://hostname/keystone/admin and https://hostname/keystone/main as the starting points for what is usually ports 35757 and 5000. Both the CLI and Glance were able to talk to Keystone, with glance image-list completing successfully.

Additionally, running with the patch applied on a non-customized system, nova, glance, and Horizon all worked normally talking to keystone on the normal ports.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/7156
Committed: http://github.com/openstack/keystone/commit/ae0515c3a078ce27ccca1ef5a98092208c030f2f
Submitter: Jenkins
Branch: master

commit ae0515c3a078ce27ccca1ef5a98092208c030f2f
Author: ayoung <email address hidden>
Date: Sat May 5 14:08:18 2012 -0400

    Admin Auth URI prefix

    Allows the prepending of a prefix to the URI used for admin tasks. This allows URIs like
    https://hostname/keystone/main/v2.0

    PEP8 fix
    Added To Unit test to ensure auth_prefix is checked

    Bug: 994860
    Change-Id: I851e059e8b17c1bc02ab93d8b09a3fb47b9d3fee

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → folsom-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: folsom-3 → 2012.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.