Can't use TokenManager. authenticate() with publicurl
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-keystoneclient |
Won't Fix
|
High
|
Unassigned |
Bug Description
See attached example.py for sample code and context.
Create a v2 client object:
* Use publicurl as the auth_url endpoint
* Use credentials that confer an admin role
Call client.
The call fails when adminurl is unreachable.
Expectation is that publicurl would be used as the auth_url endpoint, however ...
# NOTE(jamielennox): try doing a regular admin query first. If there is
# no endpoint that can satisfy the request (eg an unscoped token) then
# issue it against the auth_url.
try:
token_ref = self._post(*args, **kwargs)
except exceptions.
kwargs[
Our keystone adminurl is intentionally on a private network and *unreachable* from where example.py is running (in a VM).
After quite a while, an exception is raised (keystoneauth1.
Meanwhile, a direct API call, skipping python-
* POST to publicurl, /v2/tokens, from the same location/VM
* Use X-Auth-Token of someone with an admin role
* Pass in the same valid token/tenant_id as before.
Additionally, a CLI call such as "nova list" (using the same credentials and conferred admin role) also works.
Changed in keystone: | |
assignee: | nobody → Joe D'Andrea (joedandrea) |
description: | updated |
Changed in python-keystoneclient: | |
assignee: | nobody → Aleksey Nakoryakov (alfnak) |
Workaround: pass interface='public' to the Client constructor:
client = client. Client( session= sess, interface='public')
Note that in the v2 and v3 documentation, interface isn't documented as a parameter:
http:// docs.openstack. org/developer/ python- keystoneclient/ api/keystonecli ent.v2_ 0.html# module- keystoneclient. v2_0.client docs.openstack. org/developer/ python- keystoneclient/ api/keystonecli ent.v3. html#keystonecl ient.v3. client. Client
http://