Heat seems to ignore auth_uri

I suspect this code imports the option too late, after config files have already been parsed:

https://git.openstack.org/cgit/openstack/heat/tree/heat/api/aws/ec2token.py#n68

Dominik, I tried to reproduce this but I can't.
I'm not sure if I'm executing the correct steps, so could you post here a way to reproduce the issue?

I'm using the suse rpm's for havana.
I only specified the auth_uri in the heat config file.
Heat uses the default auth_host (127.0.0.1) insted of the one present in the auth_uri.

Dominik,
Sorry to bother you again, could you attach your heat config file?
I'm testing this against the last version of the source code, maybe that issue was fixed in a version after the one that is in suse rpm's.
If you do that, I could try your exact config file to be sure that I'm doing exact the same. If after this test, I can't reproduce the issue, I'll try to find if this was fixed in a version between the suse rpm's and the last version of heat.
BTW, Do you know the exact version of Havana that your SUSE is installing?

openstack-heat-2013.2.2.dev3.g2beab02

Dominik,
Thanks for the config file, it was useful.
I checked the code more in detail and I found that the one that is not using the auth_uri is the keystone client, not heat. In keystone, auth_uri is only used to fill 'WWW-Authenticate' header and auth_host is used to build the keystone URL.
I don't know much about keystone, so I'm not qualified to tell if it is a keystone bug, but it seems that the purpose of auth_uri is only related to 'WWW-Authenticate'.
I found this by reproducing the bug, doing a stack-list. How do you reproduce the bug? Maybe my way to reproduce it is not the right one.

My way to reproduce is similar.
I think the heat-api uses keystoneclient to verify user authentification - so the bug may be in keystone as I also see this issue with ceilometer.

Adding the keystone source code.
https://git.openstack.org/cgit/openstack/python-keystoneclient/tree/keystoneclient/middleware/auth_token.py#n675

Please check you don't have any stale paste ini files, as these can also specify the auth_uri, and take precedence over the .conf file if they exist - if so it could be a packaging issue.

/etc/heat/api-paste.ini:
http://pastebin.com/cE2CzUem

Apparently this bug is not valid for heat anymore.
When keystone_authtoken::auth_uri is set in the config file, Heat is using it when contacting keystone for auth_token.