Can't get v3 endpoints with v2 in command line

I can reproduce the bug, tried debugging in OSC and see keystone is returning an empty list on:

https://github.com/openstack/python-openstackclient/blob/master/openstackclient/identity/v2_0/endpoint.py#L126

data = identity_client.endpoints.list()

steve: is that expected?

@lin, it's not

investigating.. it might be regression on keystone side

There is a logic in /v2.0/endpoints that will only returns endpoints created through the v2.0 api (where legacy_endpoint_id is not None).

Endpoints in devstack are now created via the v3 API, and thus the /v2.0/endpoints returns an empty list now.

This is working as designed.

If this is working as designed then the design is wrong.

Although this is absolutely working as originally designed, it's effectively broken. This bug report may also be a dupe?

Anyway, I think we (unfortunately) need to make a best guess to collapse multiple interface-specific, completely independent v3 endpoints into v2 endpoints (where at least a public URL is required, and admin & internal endpoints cannot exist on their own, according to the v2 spec).

This should not affect python-openstackclient.

Fix proposed to branch: master
Review: https://review.openstack.org/215870

I'm not sure what the expected result is, but I think returning endpoint list like this is not the best choice:

+----------------------------------+-----------+--------------+----------------+
| ID | Region | Service Name | Service Type |
+----------------------------------+-----------+--------------+----------------+
| None | RegionOne | heat-cfn | cloudformation |
| a50e4ac2c43c4ce39c4c44dc758d022a | RegionOne | cinder | volume |
| None | RegionOne | glance | image |
| None | RegionOne | keystone | identity |
| None | RegionOne | novav21 | computev21 |
| None | RegionOne | nova | compute |
| None | RegionOne | ec2 | ec2 |
| None | RegionOne | heat | orchestration |
+----------------------------------+-----------+--------------+----------------+

So I propose to assign v3 endpoint id with public url to v2 endpoint without legacy endpoint id

+----------------------------------+-----------+--------------+----------------+
| ID | Region | Service Name | Service Type |
+----------------------------------+-----------+--------------+----------------+
| ab365f5c61fe47419cece0d10ba91412 | RegionOne | heat-cfn | cloudformation |
| a50e4ac2c43c4ce39c4c44dc758d022a | RegionOne | cinder | volume |
| b3984c34e3774a7581b33caa6bad932e | RegionOne | glance | image |
| 99644479d39845369bde8a1b5e48d422 | RegionOne | keystone | identity |
| 38957890f8b1414e962ff10f61ea0f84 | RegionOne | novav21 | computev21 |
| 33e0e71f5f9d4e74a98cd6864a64cf2d | RegionOne | nova | compute |
| 55c90ddd7bc14c79a3c91e1c946c0f46 | RegionOne | ec2 | ec2 |
| 2d0fa3bddfd146f6a0dd7ba907aa9184 | RegionOne | heat | orchestration |
+----------------------------------+-----------+--------------+----------------+

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/230160

Reviewed: https://review.openstack.org/215870
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=0d13a85e93737df8c9c130f194839b27d0781890
Submitter: Jenkins
Branch: master

commit 0d13a85e93737df8c9c130f194839b27d0781890
Author: Tony Wang <email address hidden>
Date: Fri Aug 21 23:41:32 2015 -0400

    Show v3 endpoints in v2 endpoint list

    v3 endpoints that are not migrated from v2 endpoints, were not shown in
    v2 endpoint list. While it was more clear, separating v2 and v3
    endpoints, it was not easy for tools or services which are still using
    v2 APIs to get the endpoints created by v3 API.
    Since it won't do harm to return more information, this commit is to
    show v3 endpoints in API call to list v2 endpoints.
    NOTE: public interface is required in a v2 endpoints, so only v3
    endpoints with public interface are added into the list.

    Change-Id: Id9b3822f87e973b6eb7dd9fc715c2dba76b9fe04
    Closes-Bug: #1480270

Reviewed: https://review.openstack.org/230160
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=4a239f23e3e599b55f6553f3b4f3290773d2ded7
Submitter: Jenkins
Branch: stable/liberty

commit 4a239f23e3e599b55f6553f3b4f3290773d2ded7
Author: Tony Wang <email address hidden>
Date: Fri Aug 21 23:41:32 2015 -0400

    Show v3 endpoints in v2 endpoint list

    v3 endpoints that are not migrated from v2 endpoints, were not shown in
    v2 endpoint list. While it was more clear, separating v2 and v3
    endpoints, it was not easy for tools or services which are still using
    v2 APIs to get the endpoints created by v3 API.
    Since it won't do harm to return more information, this commit is to
    show v3 endpoints in API call to list v2 endpoints.
    NOTE: public interface is required in a v2 endpoints, so only v3
    endpoints with public interface are added into the list.

    Change-Id: Id9b3822f87e973b6eb7dd9fc715c2dba76b9fe04
    Closes-Bug: #1480270
    (cherry picked from commit 0d13a85e93737df8c9c130f194839b27d0781890)

Fix proposed to branch: master
Review: https://review.openstack.org/235215

Reviewed: https://review.openstack.org/235215
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=88dccd1e57770d96177d63897fa05819f73cd8a6
Submitter: Jenkins
Branch: master

commit 8dcd82fb9c76d43f26338bee293b32f4af473ad9
Author: Lance Bragstad <email address hidden>
Date: Wed Sep 9 14:09:06 2015 +0000

    Ensure token validation works irrespective of padding

    In change I674bad86ccc9027ac3b365c10b3b142fc9d73c17 we removed the padding from
    Fernet tokens. This commit makes it so that we can validate Fernet tokens that
    come in with and without padding.

    Change-Id: I60e52af6c4cb39f2d136540a487bba8505a2c6b4
    Closes-Bug: 1491926
    (cherry picked from commit 90aca980587283d26fcfd20ae6be86ca1bbe2788)

commit 4a239f23e3e599b55f6553f3b4f3290773d2ded7
Author: Tony Wang <email address hidden>
Date: Fri Aug 21 23:41:32 2015 -0400

    Show v3 endpoints in v2 endpoint list

    v3 endpoints that are not migrated from v2 endpoints, were not shown in
    v2 endpoint list. While it was more clear, separating v2 and v3
    endpoints, it was not easy for tools or services which are still using
    v2 APIs to get the endpoints created by v3 API.
    Since it won't do harm to return more information, this commit is to
    show v3 endpoints in API call to list v2 endpoints.
    NOTE: public interface is required in a v2 endpoints, so only v3
    endpoints with public interface are added into the list.

    Change-Id: Id9b3822f87e973b6eb7dd9fc715c2dba76b9fe04
    Closes-Bug: #1480270
    (cherry picked from commit 0d13a85e93737df8c9c130f194839b27d0781890)

commit ec3ceb5956aa2bab5fe03107849a7ccde27ef87c
Author: OpenStack Proposal Bot <email address hidden>
Date: Thu Oct 1 06:09:29 2015 +0000

    Imported Translations from Zanata

    For more information about this automatic import see:
    https://wiki.openstack.org/wiki/Translations/Infrastructure

    Change-Id: I621480e00e624575dd01138de260f246570aceee

commit 92f7085cd32d168771ca667fe2503222ef885902
Author: Marek Denis <email address hidden>
Date: Tue Jul 28 16:23:07 2015 +0200

    Skip rows with empty remote_ids

    Federation migration scripts are trying to migrate
    identity_provider.remote_id columns to a separate table remote_idps and
    so 1:N relations are possible. We should, however do any DB operations
    on identity_providers's values that have non null remote_id values.

    Change-Id: Ifbb80896969986bafedf1c879bc7474832afca60
    Closes-Bug: #1478961

This issue was fixed in the openstack/keystone 9.0.0.0b1 development milestone.