client-asks-for-username-password-incorrectly

Bug #1499540 reported by Devdatta Kulkarni on 2015-09-24
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance Client
High
Flavio Percoco
Liberty
High
Flavio Percoco

Bug Description

In solum, we use glance to store the docker images that we create for an application. We are using glance client internally to upload these images. Till recently, 'glance image-create' with only token has been happily working for us (in devstack). Today started noticing that glance image-create with just token is not working anymore. It is also not working when os-auth-token and os-image-url are passed in. According to the documentation (http://docs.openstack.org/developer/python-glanceclient/), just passing token and image-url should work. It is asking username (and password, if username is specified). But Solum does not have access to enduser's password. So we need the ability to be able to talk with glance without providing password.

I investigated the issue a bit.

It seems to be in this call https://github.com/openstack/python-glanceclient/blob/d4e7f97e3ab8c42dfd544dfa9c1c504f1de4ec05/glanceclient/shell.py#L697 which calls _get_endpoint_and_token. The 'auth_reqd' flag is getting set to 'True' (most likely because the predicates on line 450 and 451 are true).

Note that the first call to _get_endpoint_and_token from the call in line 659 works as expected (i.e. 'auth_reqd' flag is not set to True, so the call returns without asking for username and password)

wangxiyuan (wangxiyuan) on 2015-09-25
Changed in python-glanceclient:
assignee: nobody → wangxiyuan (wangxiyuan)
wangxiyuan (wangxiyuan) wrote :

The reason is that the client try to check whether the action is authentication required everytime.

But now, every action is authentication required according to:
https://github.com/openstack/python-glanceclient/blob/master/glanceclient/common/utils.py#L254
because every action doesn't have skip_authentication decorator. So I think we should have a discuess about:

1. Is it still need to check authentication required once user supply token and url?
2. If no, this only need a bug to fix.
2. If yes, which kind of action need to be check, and which not? We should add skip_authentication decorator to those who doesn't need check. In this case , I think we need a bp.

wangxiyuan (wangxiyuan) on 2015-09-25
Changed in python-glanceclient:
assignee: wangxiyuan (wangxiyuan) → nobody
Changed in python-glanceclient:
status: New → Triaged
importance: Undecided → High
tags: added: 1.0.0-potential
Changed in python-glanceclient:
assignee: nobody → Flavio Percoco (flaper87)
wangxiyuan (wangxiyuan) wrote :

This patch has changed the logic and fixed a bug : https://review.openstack.org/#/c/219686/8
But perhaps still has problem.

Fix proposed to branch: master
Review: https://review.openstack.org/227723

Changed in python-glanceclient:
status: Triaged → In Progress

Reviewed: https://review.openstack.org/227723
Committed: https://git.openstack.org/cgit/openstack/python-glanceclient/commit/?id=c31c1365573d10bd09afad47ca1974af3e50b5eb
Submitter: Jenkins
Branch: master

commit c31c1365573d10bd09afad47ca1974af3e50b5eb
Author: Flavio Percoco <email address hidden>
Date: Fri Sep 25 10:54:29 2015 +0200

    No auth when token and endpoint are passed

    The latest change to the auth_required logic introduced a bug were even
    when the token and endpoint were passed, authentication was being
    required.

    This patch fixes that issue and makes sure that authentication is not
    required when these 2 arguements are present.

    Closes-bug: #1499540

    Change-Id: I4c9c15ba526378970da5461511ed922d42c5a9f9

Changed in python-glanceclient:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/227924
Committed: https://git.openstack.org/cgit/openstack/python-glanceclient/commit/?id=76a91c9fbceffe660b4dc39813e435fc0b7cc6ac
Submitter: Jenkins
Branch: stable/liberty

commit 76a91c9fbceffe660b4dc39813e435fc0b7cc6ac
Author: Flavio Percoco <email address hidden>
Date: Fri Sep 25 10:54:29 2015 +0200

    No auth when token and endpoint are passed

    The latest change to the auth_required logic introduced a bug were even
    when the token and endpoint were passed, authentication was being
    required.

    This patch fixes that issue and makes sure that authentication is not
    required when these 2 arguements are present.

    Closes-bug: #1499540

    Change-Id: I4c9c15ba526378970da5461511ed922d42c5a9f9
    (cherry picked from commit c31c1365573d10bd09afad47ca1974af3e50b5eb)

Changed in python-glanceclient:
milestone: none → 1.2.0
status: Fix Committed → Fix Released

This issue was fixed in the openstack/python-glanceclient 1.1.1 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers