token + service_url based authentication
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-cinderclient |
Invalid
|
Undecided
|
Unassigned | ||
python-novaclient |
Invalid
|
Medium
|
Unassigned |
Bug Description
The keystone service provides a token which is usable for accessing all OpenStack services.
A single REST token-get response also contains all service endpoints.
So after a token-get no future keystone communication required on the client side until the token expires (24h).
The glance, neutron, and keystone clients are able to use the already acquired tokens, but the python-novaclient and python-cinderclient not yet.
Example usage with glance CLI:
https:/
The CLI usage is not efficient with a frequent token-get, it is major issue when you use the client from a shell scripts.
IMHO token based authentication is nicer in python scripts as well.
Changed in python-cinderclient: | |
assignee: | nobody → Masco Kaliyamoorthy (masco) |
Changed in python-cinderclient: | |
status: | New → In Progress |
information type: | Public → Public Security |
This is a two part bug, one we the keyring is disabled by default and two its broken: https:/ /bugs.launchpad .net/python- novaclient/ +bug/1039572
Once we fix the keyring we should enable it by default as long as the dependencies are there.