The default endpoint interface type for Keystone v3 should be 'public'

Bug #1457702 reported by Roxana Gherle
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-keystoneclient
Won't Fix
Low
Unassigned

Bug Description

The default value for the endpoint interface type is 'admin' for Keystone. However, all the other services (nova, glance, etc.) have a 'public' default endpoint type.
We should change the default value for Keystone v3 to be 'public'. Keystone v2 should remain the same with a default interface type of 'admin'.

Changed in python-keystoneclient:
assignee: nobody → Roxana Gherle (roxana-gherle)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-keystoneclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/185200

Changed in python-keystoneclient:
status: New → In Progress
Changed in python-keystoneclient:
assignee: Roxana Gherle (roxana-gherle) → Guang Yee (guang-yee)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-keystoneclient (feature/keystoneauth_integration)

Fix proposed to branch: feature/keystoneauth_integration
Review: https://review.openstack.org/215261

Changed in python-keystoneclient:
assignee: Guang Yee (guang-yee) → Roxana Gherle (roxana-gherle)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on python-keystoneclient (feature/keystoneauth_integration)

Change abandoned by Steve Martinelli (<email address hidden>) on branch: feature/keystoneauth_integration
Review: https://review.openstack.org/215261
Reason: need to abandon in order to delete branch

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-keystoneclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/250664

Changed in python-keystoneclient:
assignee: Roxana Gherle (roxana-gherle) → Boris Bobrov (bbobrov)
Changed in python-keystoneclient:
importance: Undecided → Medium
Revision history for this message
Dolph Mathews (dolph) wrote :

Setting impact to Low because this isn't breaking anything.

Changed in python-keystoneclient:
importance: Medium → Low
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-keystoneclient (master)

Reviewed: https://review.openstack.org/250664
Committed: https://git.openstack.org/cgit/openstack/python-keystoneclient/commit/?id=d3b11d674d6539a0a09e0c432983ebf172e8ad79
Submitter: Jenkins
Branch: master

commit d3b11d674d6539a0a09e0c432983ebf172e8ad79
Author: Roxana Gherle <email address hidden>
Date: Thu Aug 20 10:35:29 2015 -0700

    Change default endpoint for Keystone v3 to public

    All of the other Openstack services have a 'public' default endpoint
    type. Keystone has 'admin' default endpoint type. Why not make
    Keystone compliant and change the default for Keystone v3 from 'admin'
    to 'public'. Keystone v2 will remain the same with an 'admin' default.

    Closes-Bug: #1457702
    Change-Id: I515438477dba72c2a0c4595603000690511b5700

Changed in python-keystoneclient:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on python-keystoneclient (master)

Change abandoned by Steve Martinelli (<email address hidden>) on branch: master
Review: https://review.openstack.org/185200
Reason: the bug has been fixed, abandoning since it's been >60 days since a new patch and still has a negative score.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/python-keystoneclient 2.1.0

This issue was fixed in the openstack/python-keystoneclient 2.1.0 release.

Revision history for this message
Steve Martinelli (stevemar) wrote :
Download full text (6.8 KiB)

I am re-opening this bug to the confirmed state, as it broke the keystonemiddleware gate for stable/liberty.

It was failing these tests: https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py#L2322-L2347

2016-01-13 20:09:21.480 | ======================================================================
2016-01-13 20:09:21.480 | FAIL: keystonemiddleware.tests.unit.auth_token.test_auth_token_middleware.AuthProtocolLoadingTests.test_loading_password_plugin
2016-01-13 20:09:21.480 | tags: worker-5
2016-01-13 20:09:21.480 | ----------------------------------------------------------------------
2016-01-13 20:09:21.480 | Empty attachments:
2016-01-13 20:09:21.480 | stderr
2016-01-13 20:09:21.481 | stdout
2016-01-13 20:09:21.481 |
2016-01-13 20:09:21.481 | pythonlogging:'': {{{
2016-01-13 20:09:21.481 | WARNING [keystonemiddleware.auth_token] Configuring auth_uri to point to the public identity endpoint is required; clients may not be able to authenticate against an admin endpoint
2016-01-13 20:09:21.481 | CRITICAL [keystonemiddleware.auth_token] Unable to validate token
2016-01-13 20:09:21.481 | Traceback (most recent call last):
2016-01-13 20:09:21.482 | File "keystonemiddleware/auth_token/__init__.py", line 831, in fetch_token
2016-01-13 20:09:21.482 | data = self._identity_server.verify_token(token)
2016-01-13 20:09:21.482 | File "keystonemiddleware/auth_token/_identity.py", line 214, in verify_token
2016-01-13 20:09:21.482 | auth_ref = self._request_strategy.verify_token(user_token)
2016-01-13 20:09:21.482 | File "keystonemiddleware/auth_token/_identity.py", line 106, in verify_token
2016-01-13 20:09:21.482 | include_catalog=self._include_service_catalog)
2016-01-13 20:09:21.482 | File "/home/jenkins/workspace/gate-keystonemiddleware-python27/.tox/py27/local/lib/python2.7/site-packages/keystoneclient/utils.py", line 337, in inner
2016-01-13 20:09:21.483 | return func(*args, **kwargs)
2016-01-13 20:09:21.483 | File "/home/jenkins/workspace/gate-keystonemiddleware-python27/.tox/py27/local/lib/python2.7/site-packages/keystoneclient/v3/tokens.py", line 88, in validate
2016-01-13 20:09:21.483 | body = self.get_token_data(token_id, include_catalog=include_catalog)
2016-01-13 20:09:21.483 | File "/home/jenkins/workspace/gate-keystonemiddleware-python27/.tox/py27/local/lib/python2.7/site-packages/keystoneclient/utils.py", line 337, in inner
2016-01-13 20:09:21.483 | return func(*args, **kwargs)
2016-01-13 20:09:21.483 | File "/home/jenkins/workspace/gate-keystonemiddleware-python27/.tox/py27/local/lib/python2.7/site-packages/keystoneclient/v3/tokens.py", line 70, in get_token_data
2016-01-13 20:09:21.484 | resp, body = self._client.get(url, headers=headers)
2016-01-13 20:09:21.484 | File "/home/jenkins/workspace/gate-keystonemiddleware-python27/.tox/py27/local/lib/python2.7/site-packages/keystoneclient/adapter.py", line 170, in get
2016-01-13 20:09:21.484 | return self.request(url, 'GET', **kwargs)
2016-01-13 20:09:21.484 | File "/home/jenkins/workspace/gate-keystonemiddleware-python27/.tox/py27/local/lib/python2.7/site-packa...

Read more...

Changed in python-keystoneclient:
status: Fix Released → Confirmed
Revision history for this message
Boris Bobrov (bbobrov) wrote :

I am un-assigning myself because I didn't really work on the bug, but just restored on of the reviews.

Changed in python-keystoneclient:
assignee: Boris Bobrov (bbobrov) → nobody
Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

This would appear to be move to the scope of KeystoneAuth and I know that we have addressed these types of issues there. Marking as invalid/wont fix due to the age of the bug.

Changed in python-keystoneclient:
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.