python-cinderclient

cinderclient does not support noauth

Bug #1657156 reported by Julia Kreger on 2017-01-17

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	python-cinderclient	Fix Released	Undecided	Ivan Kolodyazhny

Bug Description

While implementing support for Ironic to communicate with cinder, I noticed that python-cinderclient does not appear to support noauth mode for the client. The client presently expects authentication parameters on the command line, such as username, password, tenant, auth_url, even if auth_system and auth_plugin are set to something that is not keystone related.

This logic does not appear to be overridable via providing a proxy_token or bypass_url to the client on the CLI as the library attempts to then obtain a auth_url from the plugin, disregarding one defined on the command line, which has no override mechanism.

https://github.com/openstack/python-cinderclient/blob/master/cinderclient/client.py#L219

A compromise may be to allow the auth parameter to be passed through to the client, which would allow a caller to explicitly state the endpoint to be returned. See the admin_token keystoneath1 plugin. The CLI would not be usable for noauth, but the library could then be used programatically.

https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/loading/_plugins/admin_token.py

Alternatively, the bypass_url option could be used to populate the data if something like admin_token is defined as the auth_plugin.

See original description

Ivan Kolodyazhny (e0ne) on 2017-01-19

description:

updated

Ivan Kolodyazhny (e0ne) on 2017-01-19

Changed in python-cinderclient:
assignee:	nobody → Ivan Kolodyazhny (e0ne)

Ivan Kolodyazhny (e0ne) on 2017-01-25

Changed in python-cinderclient:
status:	New → Confirmed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-25: Fix proposed to python-cinderclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/425277

Changed in python-cinderclient:
assignee:	Ivan Kolodyazhny (e0ne) → Gorka Eguileor (gorka)
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-31:

Fix proposed to branch: master
Review: https://review.openstack.org/427143

Changed in python-cinderclient:
assignee:	Gorka Eguileor (gorka) → Ivan Kolodyazhny (e0ne)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-09: Change abandoned on python-cinderclient (master)

Change abandoned by Sean McGinnis (<email address hidden>) on branch: master
Review: https://review.openstack.org/427143
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-14:

Change abandoned by Gorka Eguileor (<email address hidden>) on branch: master
Review: https://review.openstack.org/425277
Reason: In favor of using keystoneclient plugins: https://review.openstack.org/427143

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-27: Fix merged to python-cinderclient (master)

Reviewed: https://review.openstack.org/427143
Committed: https://git.openstack.org/cgit/openstack/python-cinderclient/commit/?id=60f92db7049b4f66e5198b86bfecc1029b6cdccd
Submitter: Jenkins
Branch: master

commit 60f92db7049b4f66e5198b86bfecc1029b6cdccd
Author: Ivan Kolodyazhny <email address hidden>
Date: Tue Jan 31 14:33:32 2017 +0200

Fix noauth support

    This patch includes several improvements:
    1. Use keystoneauth1 plugin mechanism for auth plugins.
    2. Implements CinderNoAuthPlugin.
    3. Deletes non-working cinderclient.auth_plugin module.
    4. Deprecates --bypass-url in flavor of --os-endpoint to be consistent
    with keystoneauth1 plugins.
    5. Deprecates in --os-auth-system in falvor of --os-auth-type to be
    consistent with keystoneauth1 plugins.

Both bypass_url and os_auth_system params are not changed for client
objects to not break backward compatibility for Python API.

    How to use noauth with cinderclient CLI:
    OS_USER_ID=userid OS_PROJECT_ID=projectis cinder --os-auth-type noauth
    --os-endpoint=http://localhost:8776/v2 list

Change-Id: I3be59a5a39235acbc3334e0a0b797081507a5c88
Closes-Bug: #1657156

Changed in python-cinderclient:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-05-25: Fix included in openstack/python-cinderclient 2.1.0

This issue was fixed in the openstack/python-cinderclient 2.1.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.