python-keystoneclient

AuthorizationFailure: Authorization failed: Cannot authenticate without an auth_url

Bug #1547331 reported by Julian Edwards
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-keystoneclient
Expired
Undecided
Unassigned

Bug Description

If you create a client using a session and an endpoint override, if you then call authenticate() on the client it blows up with the error

AuthorizationFailure: Authorization failed: Cannot authenticate without an auth_url

There is a comment in the code that the newer behaviour with sessions is to now authenticate with the server on the first call, but:
 - is authenticate() still supposed to work?
 - if not, how can you pre-auth before any work is done to validate user-supplied credentials?

Julian Edwards (julian-edwards)
affects: keystone → python-keystoneclient
Revision history for this message
Jamie Lennox (jamielennox) wrote :

No - authenticated() is not supposed to work because the job of authenticating has been removed from the client object.

The idea was to not pre-auth, just do what you want to do and catch an AuthorizationFailure if something goes wrong when auth does happen. If you really need to prompt an auth you can do like session.get_token() which will return you an active token which will prompt auth if there hasn't been one or return you a still valid token if there has.

Is there any reason you must pre-auth? the error for an auth failure is fairly distinctive from others.

Revision history for this message
Julian Edwards (julian-edwards) wrote :

Another by-product of the lazy auth seems to be that service_catalog is no longer present. I could use the endpoints.list() but that doesn't contain service_type.

I've resorted to doing something like this to force a pre-auth:

auth=identity.Password(...)
session=Session(auth=auth)
ks = client.Client(session)
ks.auth_ref = auth.get_access(session)

which then means that any code that calls ks.service_catalog() works.

Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

Is this still the case in the keystoneauth session? Keystoneclient session is long since deprecated and not heavily tested.

Changed in python-keystoneclient:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for python-keystoneclient because there has been no activity for 60 days.]

Changed in python-keystoneclient:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.