python-keystoneclient

Version discovery fails with default Keystone config

Bug #1410364 reported by Dean Troyer on 2015-01-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	python-keystoneclient	Invalid	Undecided	Unassigned
	python-openstackclient	Fix Released	Medium	Dean Troyer	python-openstackclient m7 "nitrogen"

Bug Description

The URLs returned inKeystone's version response (GET /) are set in keystone.conf with admin_endpoint and public_endpoint. The default for both of those is 'http://localhost:xxxx/' where xxxx is the configured port. With the introduction of version discovery in keystoneclient this default configuration no longer properly works for anything except an all-in-one configuration where the client is also on the same server (ie, DevStack).

This does not seem to be a wide-spread problem but clouds configured in this manner are in the wild, and generally older releases that can not or will not be upgraded soon. This fix (see below) could be done in KSC's auth plugins to make it universally available. A proof-of-concept has been done in OpenStackClient (https://review.openstack.org/145681) and may (will?) remain there if it is not added to KSC.

A simple work-around for this problem is to use the scheme and host from the authentication URL used to get the version response in the returned endpoint when the endpoint host is 'localhost'.

Dean Troyer (dtroyer) on 2015-01-13

Changed in python-openstackclient:
importance:	Undecided → Medium
milestone:	none → m7

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-01-14: Fix proposed to python-keystoneclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/147284

Changed in python-keystoneclient:
assignee:	nobody → Dean Troyer (dtroyer)
status:	New → In Progress

Dean Troyer (dtroyer) on 2015-01-14

Changed in python-openstackclient:
assignee:	nobody → Dean Troyer (dtroyer)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-01-19: Fix merged to python-openstackclient (master)

Reviewed: https://review.openstack.org/145681
Committed: https://git.openstack.org/cgit/openstack/python-openstackclient/commit/?id=d3b87d7795356d3c4e4b6f578a1f426a74f9afbd
Submitter: Jenkins
Branch: master

commit d3b87d7795356d3c4e4b6f578a1f426a74f9afbd
Author: Dean Troyer <email address hidden>
Date: Wed Jan 7 22:01:21 2015 -0600

Add version url config workaround

    This subclasses KSC's generic Password plugin to allow version discovery with
    default Keystone configurations that leave admin_endpoint and public_endpoint
    at the default values (http://localhost:xxxx). This patch copies the scheme
    and netloc from the original auth_url into the URL returned from version
    discovery if the returned netloc begins with 'localhost'.

Due to the specific nature of this review, the Keystone team is not
inclned to include it in keystoneclient so it is addressed here.

Closes-bug: #1410364
Change-Id: I877fe74d86aab3a63122a07b77d1302a007f5b30

Changed in python-openstackclient:
status:	In Progress → Fix Committed

Dean Troyer (dtroyer) on 2015-01-19

Changed in python-openstackclient:
status:	Fix Committed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-02-03: Change abandoned on python-keystoneclient (master)

Change abandoned by Dean Troyer (<email address hidden>) on branch: master
Review: https://review.openstack.org/147284
Reason: Handled in OpenStackClient

Revision history for this message

Steve Martinelli (stevemar) wrote on 2015-11-27:

seems like fixing this in OSC was the right move

Changed in python-keystoneclient:
status:	In Progress → Invalid
assignee:	Dean Troyer (dtroyer) → nobody

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.