OSA uses deprecated tenant_id for endpoints in catalog

Bug #1651521 reported by Miguel Alejandro Cantu on 2016-12-20
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-ansible
Low
Unassigned

Bug Description

Per the keystone releate notes, which say
"Keystone supports $(project_id)s in the catalog. It works the same as $(tenant_id)s. Use of $(tenant_id)s is deprecated and catalog endpoints should be updated to use $(project_id)s."

All mentions of tenant_id to configure endpoints should be changed to project_id. I've pasted all mentions of "%(tenant_id" in the roles:

grep -ER '%\(tenant_id' *
os_cinder/defaults/main.yml:cinder_service_publicurl: "{{ cinder_service_publicuri }}/v1/%(tenant_id)s"
os_cinder/defaults/main.yml:cinder_service_adminurl: "{{ cinder_service_adminuri }}/v1/%(tenant_id)s"
os_cinder/defaults/main.yml:cinder_service_internalurl: "{{ cinder_service_internaluri }}/v1/%(tenant_id)s"
os_cinder/defaults/main.yml:cinder_service_v2_publicurl: "{{ cinder_service_publicuri }}/v2/%(tenant_id)s"
os_cinder/defaults/main.yml:cinder_service_v2_adminurl: "{{ cinder_service_adminuri }}/v2/%(tenant_id)s"
os_cinder/defaults/main.yml:cinder_service_v2_internalurl: "{{ cinder_service_internaluri }}/v2/%(tenant_id)s"
os_designate/templates/policy.json.j2: "owner": "tenant:%(tenant_id)s",
os_heat/defaults/main.yml:heat_service_publicurl: "{{ heat_service_publicuri }}/v1/%(tenant_id)s"
os_heat/defaults/main.yml:heat_service_adminurl: "{{ heat_service_adminuri }}/v1/%(tenant_id)s"
os_heat/defaults/main.yml:heat_service_internalurl: "{{ heat_service_internaluri }}/v1/%(tenant_id)s"
os_horizon/tests/os_horizon-overrides.yml:nova_service_publicurl: "{{ nova_service_publicuri }}/v2.1/%(tenant_id)s"
os_horizon/tests/os_horizon-overrides.yml:nova_service_adminurl: "{{ nova_service_adminuri }}/v2.1/%(tenant_id)s"
os_horizon/tests/os_horizon-overrides.yml:nova_service_internalurl: "{{ nova_service_internaluri }}/v2.1/%(tenant_id)s"
os_neutron/templates/neutron.conf.j2:nova_url = {{ nova_service_adminurl|replace('/%(tenant_id)s', '') }}
os_neutron/templates/policy.json.j2: "owner": "tenant_id:%(tenant_id)s",
os_nova/defaults/main.yml:nova_service_publicurl: "{{ nova_service_publicuri }}/v2.1/%(tenant_id)s"
os_nova/defaults/main.yml:nova_service_adminurl: "{{ nova_service_adminuri }}/v2.1/%(tenant_id)s"
os_nova/defaults/main.yml:nova_service_internalurl: "{{ nova_service_internaluri }}/v2.1/%(tenant_id)s"
os_sahara/defaults/main.yml:sahara_service_publicurl: "{{ sahara_service_publicuri }}/v1.1/%(tenant_id)s"
os_sahara/defaults/main.yml:sahara_service_internalurl: "{{ sahara_service_internaluri }}/v1.1/%(tenant_id)s"
os_sahara/defaults/main.yml:sahara_service_adminurl: "{{ sahara_service_adminuri }}/v1.1/%(tenant_id)s"
os_swift/defaults/main.yml:swift_service_publicurl: "{{ swift_service_publicuri }}/v1/AUTH_%(tenant_id)s"
os_swift/defaults/main.yml:swift_service_adminurl: "{{ swift_service_adminuri }}/v1/AUTH_%(tenant_id)s"
os_swift/defaults/main.yml:swift_service_internalurl: "{{ swift_service_internaluri }}/v1/AUTH_%(tenant_id)s"
os_trove/defaults/main.yml:trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
os_trove/defaults/main.yml:trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
os_trove/defaults/main.yml:trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"

Fair point, and thanks for the list :)

I'm adding this as low-hanging-fruit.

tags: added: low-hanging-fruit
description: updated

Please also note that the policy.json files are fetched from upstream, and the fixes should be included there.

Changed in openstack-ansible:
status: New → Confirmed
importance: Undecided → Low
Luke Short (ekultails) wrote :

All references to "%(tenant_id)s" appear to be gone, except for in the Octavia LBaaS variables.

$ grep tenant_id group_vars/all/octavia.yml
octavia_service_internalurl: "{{ octavia_service_internaluri }}/v1/%(tenant_id)s"

I can find no trace of "%(project_id)s" in OpenStack-Ansible now, either. Is this no longer required for the Keystone endpoints in Pike (or, at least, not a standard anymore)? Also, should we remove the "%(tenant_id)s" part for Octavia or should that be changed to "%(project_id)s"? Considering that everything else has dropped the tenant/project ID requirement I am leaning towards the removal of that from the Octavia service.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers