[RFE] Add 'OPENSTACK_ENDPOINT_REGION' env in openstack_auth

Bug #1814043 reported by Yang Youseok on 2019-01-31
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
Undecided
Unassigned

Bug Description

Patch of 'https://review.openstack.org/#/c/263911/' add specifying region at the horizon login step.

It assume region for other resources is same as login region. But keystone identity endpoint can be used globally.

For example,

```
(openstack) root@r2control0:/vagrant/utils# openstack endpoint list --service keystone
+----------------------------------+--------------+--------------+--------------+---------+-----------+------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+--------------+--------------+--------------+---------+-----------+------------------------------------+
| 10c1b95b2bd64ffba7dcafc8d2ac9858 | devel-r2 | keystone | identity | True | internal | https://devel-api.9rum.cc:5000/v3 |
| 5dbc177b7c4644dea1f0f08255e383e3 | kfield-devel | keystone | identity | True | internal | https://devel-api.9rum.cc:5000/v3 |
| 7e65f96540634503a9b3fcebbdbf42d8 | devel-r2 | keystone | identity | True | admin | https://devel-api.9rum.cc:35357/v3 |
| ba9f88fde4b143a791791454b72c229d | devel-r2 | keystone | identity | True | public | https://devel-api.9rum.cc:5000/v3 |
| c9cf3f1f28144b73bf3e161644b269ae | kfield-devel | keystone | identity | True | admin | https://devel-api.9rum.cc:35357/v3 |
| dc55bd5100374540b39cb4ccbef7f2ab | kfield-devel | keystone | identity | True | public | https://devel-api.9rum.cc:5000/v3 |
+----------------------------------+--------------+--------------+--------------+---------+-----------+------------------------------------+
```

in this case, if 'kfield-devel' region is returned for service_regions, other resources(projects..) are no longer accessible since user does not have 'devel-r2' region at all. At the login time, user only have 'kfield-devel' so unauthorized permission error blocks further progress.

So, I think providing 'OPENSTACK_ENDPOINT_REGION' for specify login region, operator can specify a region for identity service which is also available to access other resources.

Thanks

XiaojueGuan (xiaojuegaun) wrote :

the patch: https://review.openstack.org/#/c/263911/ seems no longer be responsible to the action on the master branch

Yang Youseok (ileixe) wrote :
Ivan Kolodyazhny (e0ne) on 2019-02-27
Changed in horizon:
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers