keystonemiddleware

region_name is not in keystone client auth_token config

Bug #1405717 reported by Yukihiro KAWADA on 2014-12-26

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	keystonemiddleware	Fix Released	Wishlist	Jamie Lennox	keystonemiddleware 2.2.0 "2.2.0"

Bug Description

We could not assign region name using keystoneclient.
I want to set 'auth_region_name' to config.

[keystone_authtoken]
auth_port=35357
:
auth_version=v2.0
auth_region_name=osa1

and usage is:
    # Y.Kawada get tenant detail
    client = keyclient.Client(username=CONF.keystone_authtoken.admin_user,
                                       password=CONF.keystone_authtoken.admin_password,
                                       tenant_name=CONF.keystone_authtoken.admin_tenant_name,
                                       auth_url=auth_url,
                                       region_name=CONF.keystone_authtoken.auth_region_name,)

Tags:

Yukihiro KAWADA (warp-kawada) on 2014-12-26

tags:

added: keystoneclient

Revision history for this message

Jamie Lennox (jamielennox) wrote on 2015-03-12:

#1

This would mean that you have multiple keystone's in different regions and that you have to pick between them for authentication? That's a valid case i just haven't heard anyone need it.

On the other hand if what you are saying is that you are trying to reuse the credentials in keystone_authtoken to authenticate for some other purpose (which needs a region) then please don't do that.

Changed in keystonemiddleware:
status:	New → Confirmed
importance:	Undecided → Wishlist

Revision history for this message

Jamie Lennox (jamielennox) wrote on 2015-03-12:

#2

From keyclient.Client(...) i'm guessing the later.

The options in keystone_authtoken are designed to be used ONLY by authtoken middleware. We do and have changed these options recently so the above code would break anyway.

Revision history for this message

Yukihiro KAWADA (warp-kawada) wrote on 2015-03-13:

#3

I use multiple keystone's in different regions.
Example, 'admin' user exists in each regions.
Each regions are very distant.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-25: Fix proposed to keystonemiddleware (master)

#4

Fix proposed to branch: master
Review: https://review.openstack.org/216579

Changed in keystonemiddleware:
assignee:	nobody → Jamie Lennox (jamielennox)
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-09-03: Fix merged to keystonemiddleware (master)

#5

Reviewed: https://review.openstack.org/216579
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=2bba1827510803d8dc7795c905c511fa9045e813
Submitter: Jenkins
Branch: master

commit 2bba1827510803d8dc7795c905c511fa9045e813
Author: Jamie Lennox <email address hidden>
Date: Tue Aug 25 15:30:40 2015 +1000

Allow specifying a region name to auth_token

    The keystone that is used to validate tokens is determined from the
    service catalog. If you have multiple identity entries in your service
    catalog then you need to specify the region to use.

Add a region_name option.

Change-Id: I512dbcdc7031f476d691b7ce09b7c6411900ea9e
Closes-Bug: #1405717

Changed in keystonemiddleware:
status:	In Progress → Fix Committed

Doug Hellmann (doug-hellmann) on 2015-09-03

Changed in keystonemiddleware:
milestone:	none → 2.2.0
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.