Rackspace authentication is broken
Bug #1274201 reported by
Jason Dunsmore
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Heat |
Fix Released
|
High
|
Richard Lee |
Bug Description
The following patch broke Rackspace authentication:
https:/
Rackspace doesn't have a v3 of its identity (keystone) service in production, so there will need to be an option to use v2 or v3.
Changed in heat: | |
assignee: | nobody → andersonvom (andersonvom) |
Changed in heat: | |
assignee: | Richard Lee (rblee88) → andersonvom (andersonvom) |
Changed in heat: | |
assignee: | andersonvom (andersonvom) → Richard Lee (rblee88) |
Changed in heat: | |
assignee: | Richard Lee (rblee88) → Jason Dunsmore (jasondunsmore) |
Changed in heat: | |
assignee: | Jason Dunsmore (jasondunsmore) → Richard Lee (rblee88) |
Changed in heat: | |
status: | Fix Committed → Fix Released |
Changed in heat: | |
milestone: | icehouse-3 → 2014.1 |
To post a comment you must log in.
Setting this to opinion so we can discuss the way forward.
The keystone-v3-only BP is transitioning Heat to using the keystone v3 API exclusively, for the following reasons:
- Keystone are planning to deprecate the v2 API (in Juno)
- We currently have a horrible mixture of v2 and v3 in heat_keystoneclient to support trusts
- To fix bug #1089261 and implement bp instance-users, we need domains, which don't exist in v2
So I think we're doing the right thing by integrating with what is in Icehouse v3 Keystone for Heat Icehouse.
However I realize there may need to be some way for you to support a legacy/third-party solution while transitioning to Keystone, and we can discuss ways to enable that (without derailing the upstream roadmap).
One way which springs to mind is we make the client wrapper provided via heat_keystonecl ient.py pluggable so you can plug in some alternative implementation (all our interaction with keystone except auth_token is abstracted via this wrapper class)