"Could not find requested endpoint in Service Catalog" when requesting unavailable identity endpoint

Bug #1709658 reported by Colleen Murphy on 2017-08-09
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
keystoneauth
Undecided
Colleen Murphy

Bug Description

Before keystoneauth 3.x, I could have this in the service catalog:

$ openstack catalog show keystone
+-----------+------------------------------------------------------------------------+
| Field | Value |
+-----------+------------------------------------------------------------------------+
| endpoints | CustomRegion |
| | public: http://192.168.122.2:5000/v2.0/ |
| | CustomRegion |
| | admin: http://d52-54-77-77-01-01.virtual.cloud.suse.de:35357/v2.0/ |
| | CustomRegion |
| | internal: http://d52-54-77-77-01-01.virtual.cloud.suse.de:5000/v2.0/ |
| | |
| id | 77d8350e736c4745954b4baf8adebc47 |
| name | keystone |
| type | identity |
+-----------+------------------------------------------------------------------------+

And then with OS_IDENTITY_API_VERSION=3 and OS_AUTH_URL=http://192.168.166.81:5000/ I could successfully issue identity commands from openstackclient.

With keystoneauth 3.x, this fails with the message "EndpointNotFound: Could not find requested endpoint in Service Catalog."

Now - this seems to add up, since I requested version 3 and all that is available is version 2. But it is surprising that a) it worked before and b) that it has stopped working, which seems to indicate a break in backwards compatibility.

Monty Taylor (mordred) wrote :

Can you do:

  curl http://192.168.166.81:5000/

and paste the output? (basically want to see if v3 is showing up in your version discovery document - which will help us track down what went wrong)

Colleen Murphy (krinkle) wrote :

Here's the output from the install where I found this, which was running liberty: http://paste.openstack.org/show/618012/

I've been able to reproduce with devstack on master as well by changing the identity endpoints to end in '/v2.0/' <--- and the trailing slash is critical.

Changed in keystoneauth:
assignee: nobody → Colleen Murphy (krinkle)
status: New → In Progress

Reviewed: https://review.openstack.org/492484
Committed: https://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=88827a895fd8606ac708b8858fa735377dca9238
Submitter: Jenkins
Branch: master

commit 88827a895fd8606ac708b8858fa735377dca9238
Author: Colleen Murphy <email address hidden>
Date: Thu Aug 10 13:45:14 2017 +0200

    Allow discovery URLs to have trailing slashes

    The _get_discovery_url_choices generator works by taking a starting URL,
    splitting it on '/', and working through the parts trying to get a
    matching discovery document from it. It makes assumptions about what the
    URL might look like: it might have a project ID on the end of it, and a
    version before that. If the starting URL has a trailing '/', splitting
    the URL results in an empty string at the end of the list of parts,
    which is then treated as a version. The real version is left on the URL
    while the generator assumes it has already trimmed the URL down to an
    unversioned endpoint. If that version does not match the version we're
    seeking, the resulting discovery document will be mismatched and the
    generator will fail to yield the right endpoint.

    This patch normalizes the starting URL by removing the trailing '/', if
    there is one. This way every part of the split URL will be meaningful.

    Closes-bug: #1709658

    Change-Id: I28c48f78d6f07804d6ea228f163dd37b0fcfcd58

Changed in keystoneauth:
status: In Progress → Fix Released
Colleen Murphy (krinkle) on 2017-08-14
description: updated

This issue was fixed in the openstack/keystoneauth 3.2.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers