python-openstackclient

Should check auth_url when decide if we drop domain info from config

Bug #1737069 reported by Yuki Nishiwaki
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-openstackclient
In Progress
Undecided
Yuki Nishiwaki

Bug Description

Currently osc-lib intentionally drop the domain related information from configuration when setup config if identity api version is configured as 2.0. This behaviour itself looks fine.

But identity api version configuration is referred when try to call identity api after got token.
The token always is got from the url to be written in auth_url configuration regardless of the identity api version being defined via environment variable.
which means if we are using v3 api as auth_url and we thought we won't use identity api from cli other than issuing token and didn't specify the version, we can not get authenticated cause the default identity api version is 2.0 and drop domain information.

To make it clear, I took example.
If you export following environment variable, you failed to access any openstack api.

----
export OS_PROJECT_ID=<project>
export OS_REGION_NAME=<region>
export OS_USER_DOMAIN_NAME=default
export OS_PASSWORD=<password>
export OS_USERNAME=<username>
export OS_AUTH_URL=https://<domain>:5000/v3
openstack server list
Ignoring domain related config user_domain_name because identity API version is 2.0
Ignoring domain related config user_domain_name because identity API version is 2.0
Ignoring domain related config user_domain_name because identity API version is 2.0
Ignoring domain related config user_domain_name because identity API version is 2.0
Expecting to find domain in user - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400)
----

Currently auth_url and identity_api_version configuration are considered separately.
If we continue on thinking separately, we should check auth_url before drop the domain information because auth_url also depend on domain information.
Or we can make auth_url and identity_api_version have consistency, if auth_url is configured to use v3, we configure identity_api_version as v3, or vice versa.

I prefer the first approach so I created patch with that approach.
https://review.openstack.org/#/c/526413/

Yuki Nishiwaki (uckey-1067)
Changed in python-openstackclient:
assignee: nobody → Yuki Nishiwaki (uckey-1067)
OpenStack Infra (hudson-openstack)
Changed in python-openstackclient:
status: New → In Progress
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.