keystonemiddleware

auth_token emits deprecation warning for keystoneclient

Bug #1647230 reported by Jamie Lennox on 2016-12-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	keystoneauth	Fix Released	Medium	Jamie Lennox
	keystonemiddleware	Won't Fix	Undecided	Unassigned

Bug Description

AuthToken middleware is emitting log warnings like:

UserWarning: Using keystoneclient sessions has been deprecated. Please update your software to use keystoneauth1.

This warning was added as part of https://review.openstack.org/#/c/387733/ to make sure users were passing keystoneauth sessions to keystoneauth libraries and not the older keystoneclient sessions.

Unfortunately this misses a hack we do in auth_token middleware where we build an adapter and pass the whole adapter as a session. This works because the relied on interface is designed to exactly match. Really this is a strange situation and we shouldn't be passing adapters around like this but it's a much larger fix to auth_token middleware to change this that doesn't have a functionality difference.

We should fix this in keystoneauth to allow this recursive adapter situation, as really all we care about in this check is that users aren't mixing keystoneclient and keystoneauth.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-05: Fix proposed to keystoneauth (master)

Fix proposed to branch: master
Review: https://review.openstack.org/406647

Changed in keystoneauth:
assignee:	nobody → Jamie Lennox (jamielennox)
status:	New → In Progress

Revision history for this message

Jamie Lennox (jamielennox) wrote on 2016-12-05:

Filing against keystonemiddleware because this is where people will likely encounter the problem. We should really fix keystonemiddleware to not nest the adapters like this.

Steve Martinelli (stevemar) on 2016-12-06

Changed in keystoneauth:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-16: Fix merged to keystoneauth (master)

Reviewed: https://review.openstack.org/406647
Committed: https://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=c5bac3a32c6a48a1f81e242638e586749a1f514b
Submitter: Jenkins
Branch: master

commit c5bac3a32c6a48a1f81e242638e586749a1f514b
Author: Jamie Lennox <email address hidden>
Date: Mon Dec 5 11:03:20 2016 +1100

Don't issue deprecation warning when nesting adapters

    Auth token middleware does a bit of a hack where it passes an Adapter in
    as a session to the client. This is useful there because we need to know
    much more about the authentication information than we do in most
    clients.

    We should look at fixing this in auth_token middleware, however for now
    we shouldn't issue a deprecation warning when a user passes an Adapter
    as a session object because this has always been designed to work - just
    not something we recommend.

Change-Id: If7ebe59d5908275e607f32244027c8e6f3d1e157
Closes-Bug: #1647230

Changed in keystoneauth:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-10: Fix included in openstack/keystoneauth 2.17.0

This issue was fixed in the openstack/keystoneauth 2.17.0 release.

Revision history for this message

Morgan Fainberg (mdrnstm) wrote on 2017-01-17:

Is this still an issue for ksm?

Changed in keystonemiddleware:
status:	New → Incomplete

Morgan Fainberg (mdrnstm) on 2018-10-24

Changed in keystonemiddleware:
status:	Incomplete → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.