Domain scope auth fails when use endpoint filter
Bug #1709801 reported by
Martins Jakubovics
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Invalid
|
Undecided
|
Martins Jakubovics | ||
Newton |
Won't Fix
|
Undecided
|
Martins Jakubovics | ||
Ocata |
New
|
Undecided
|
Unassigned |
Bug Description
When use endpoint_filter.sql catalog driver in Newton and authenticate with domain scope, we fail to receive endpoints. Should be all endpoints instead.
Changed in keystone: | |
assignee: | nobody → Martins Jakubovics (martins-k) |
To post a comment you must log in.
Looks like such backport are unable to include in upstream, so if someone have same issue, here are solution:
diff --git a/keystone/ contrib/ endpoint_ filter/ backends/ catalog_ sql.py b/keystone/ contrib/ endpoint_ filter/ backends/ catalog_ sql.py contrib/ endpoint_ filter/ backends/ catalog_ sql.py contrib/ endpoint_ filter/ backends/ catalog_ sql.py atalog( sql.Catalog) :
index b3c2ac5..028df36 100644
--- a/keystone/
+++ b/keystone/
@@ -34,8 +34,10 @@ class EndpointFilterC
services = {}
- dict_of_ endpoint_ refs = (self.catalog_api. for_project( project_ id)) endpoint_ refs = {} endpoint_ refs = (self.catalog_api. for_project( project_ id))
- list_endpoints_
+ dict_of_
+ if project_id:
+ dict_of_
+ list_endpoints_
if (not dict_of_ endpoint_ refs and
CONF. endpoint_ filter. return_ all_endpoints_ if_no_filter) :