Token based authentication in Client class does not work
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack DBaaS (Trove) |
Fix Released
|
Undecided
|
Andriy Kurilin | ||
OpenStack Dashboard (Horizon) |
Invalid
|
Undecided
|
Unassigned | ||
python-novaclient |
Fix Released
|
Critical
|
Andriy Kurilin | ||
tripleo |
Fix Released
|
Critical
|
Emilien Macchi | ||
tripleo-quickstart |
Fix Released
|
Undecided
|
Martin André |
Bug Description
With newly released novaclient (7.0.0) it seems that token base authentication does not work in novaclient.
I have get back the following response from Nova server:
Malformed request URL: URL's project_id 'e0beb44615f34d
I just created the Nova client in following way:
Client(
2,
endpoint_
service_
auth_
tenant_
region_
auth_
insecure=True,
endpoint_
)
After it nova client performs a new token based authentication without project_id (tenant_id) and it causes that the new token does not belong to any project. Anyway if we have a token already why novaclient requests a new one from keystone? (Other clients like Heat and Neutron for example does not requests any token from keystone if it is already provided for client class)
The bug is introduced by follwoig commit:
https:/
+ if not auth and auth_token:
+ auth = identity.
+ token=auth_token)
When project_id is also passed into Token authentication than everything works fine. So newly requested token belongs to right project/tenant.
Note: Originally this problem appears in Mistral project of OpenStack, which is using the client classes directly from their actions with token based authentication.
Changed in python-novaclient: | |
importance: | Undecided → High |
Changed in python-novaclient: | |
assignee: | Istvan Imre (istvan.imre) → Andrey Kurilin (andreykurilin) |
Changed in python-novaclient: | |
assignee: | Andrey Kurilin (andreykurilin) → Istvan Imre (istvan.imre) |
Changed in python-novaclient: | |
assignee: | Istvan Imre (istvan.imre) → Andrey Kurilin (andreykurilin) |
Changed in python-novaclient: | |
assignee: | Andrey Kurilin (andreykurilin) → Istvan Imre (istvan.imre) |
Changed in python-novaclient: | |
assignee: | Istvan Imre (istvan.imre) → Andrey Kurilin (andreykurilin) |
Changed in python-novaclient: | |
assignee: | Andrey Kurilin (andreykurilin) → Radomir Dopieralski (deshipu) |
Changed in python-novaclient: | |
assignee: | Radomir Dopieralski (deshipu) → Andrey Kurilin (andreykurilin) |
Changed in python-novaclient: | |
importance: | High → Critical |
Changed in python-novaclient: | |
importance: | Critical → High |
Changed in tripleo: | |
importance: | Undecided → High |
milestone: | none → ocata-rc1 |
tags: | added: promotion-blocker |
Changed in tripleo: | |
status: | New → Triaged |
Changed in tripleo: | |
assignee: | nobody → Andrey Kurilin (andreykurilin) |
status: | Triaged → In Progress |
tags: | added: alert ci |
Changed in tripleo: | |
importance: | High → Critical |
Changed in tripleo: | |
assignee: | Andrey Kurilin (andreykurilin) → Emilien Macchi (emilienm) |
Changed in tripleo-quickstart: | |
assignee: | Martin André (mandre) → wes hayutin (weshayutin) |
Changed in tripleo-quickstart: | |
assignee: | wes hayutin (weshayutin) → Martin André (mandre) |
Fix proposed to branch: master /review. openstack. org/419441
Review: https:/