Federated auth plugins do not work with unversioned auth_url

Bug #1998366 reported by Pavlo Shchelokovskyy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
keystoneauth
Status tracked in Bobcat
Bobcat
Fix Released
Medium
Pavlo Shchelokovskyy

Bug Description

When using federated auth identity plugins (anything based on FederationBaseAuth basically) providing the auth_url in unversioned form (w/o /v3 at the end) breaks auth as it attempts to post to <keystone-url-w/o-v3>/OS_FEDERATION which is incorrect and results in 404 NotFound from Keystone.

On the other hand, other v3-specific identity plugins like V3Password work fine with such auth_url, adding v3 if needed.

Changed in keystoneauth:
status: New → In Progress
Revision history for this message
Pavlo Shchelokovskyy (pshchelo) wrote :
Changed in keystoneauth:
assignee: nobody → Pavlo Shchelokovskyy (pshchelo)
Changed in keystoneauth:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystoneauth (master)

Reviewed: https://review.opendev.org/c/openstack/keystoneauth/+/866189
Committed: https://opendev.org/openstack/keystoneauth/commit/737790f7329a83822b442498cb5b618f9c9f4edd
Submitter: "Zuul (22348)"
Branch: master

commit 737790f7329a83822b442498cb5b618f9c9f4edd
Author: Pavlo Shchelokovskyy <email address hidden>
Date: Wed Nov 30 18:56:55 2022 +0200

    Allow federation to work with unversioned auth_url

    while e.g. V3Password works perfectly fine with unversioned auth_url
    like 'http://keystone', everything based on FederationBaseAuth
    does not and only requires versioned v3 auth_url.

    Since OS_FEDERATION is implemented only in v3, this patch
    makes sure that federated_token_url has v3 in it, thus allowing
    for unversoned auth_url as well.

    Closes-Bug: #1998366
    Change-Id: I1f0b00b6f721c53bb5308e03223d0c1564ca81b3

Changed in keystoneauth:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystoneauth 5.2.0

This issue was fixed in the openstack/keystoneauth 5.2.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.