tempest-lib KeystoneV2AuthProvider won't strip version in url correctly

Bug #1471833 reported by Mehdi Abaakouk
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
tempest
Fix Released
Medium
Sergey Nikitin

Bug Description

Hi,

If the endpoint url for the identity server in keystone looks like http://127.0.0.1:35357//v2.0 the KeystoneV2AuthProvider doesn't parse the url correctly (note the double // before the version).

I guess the expression here is the culprit: https://github.com/openstack/tempest-lib/blob/master/tempest_lib/auth.py#L310

>>> "/".join(urlparse.urlparse('http://127.0.0.1:35357//v2.0/').path.split("/")[2:])
'v2.0'
>>> "/".join(urlparse.urlparse('http://127.0.0.1:35357/v2.0').path.split("/")[2:])
''

When a double // is used the version if not stripped correctly.

Also, if the url is mounted somewhere else than root this looks broken too:

>>> "/".join(urlparse.urlparse('http://127.0.0.1:35357/bla/v2.0').path.split("/")[2:])
'v2.0'

Here, I guess the tempest-lib code expects it returns 'bla' not 'v2.0'

Cheers,

Changed in tempest:
status: New → Confirmed
importance: Undecided → Medium
Changed in tempest:
assignee: nobody → takmatsu (takeaki-matsumoto)
Changed in tempest:
assignee: takmatsu (takeaki-matsumoto) → nobody
Marian Horban (mhorban)
Changed in tempest:
assignee: nobody → Marian Horban (mhorban)
Changed in tempest:
status: Confirmed → In Progress
Revision history for this message
Brian Dols (bdols) wrote :

a potential fix for this is:
*** tempest_lib/auth.py 2016-02-12 16:50:43.983726239 -0600
--- ../tempest/.venv/lib/python2.7/site-packages/tempest_lib/auth.py 2016-02-12 16:51:54.599727161 -0600
***************
*** 324,330 ****
          parts = urlparse.urlparse(_base_url)
          if filters.get('api_version', None) is not None:
              path = "/" + filters['api_version']
! noversion_path = "/".join(parts.path.split("/")[2:])
              if noversion_path != "":
                  path += "/" + noversion_path
              _base_url = _base_url.replace(parts.path, path)
--- 324,331 ----
          parts = urlparse.urlparse(_base_url)
          if filters.get('api_version', None) is not None:
              path = "/" + filters['api_version']
! noversion_path = re.sub(r'^/{2,}(.+)', r'/\1', parts.path)
! noversion_path = "/".join(noversion_path.split("/")[2:])
              if noversion_path != "":
                  path += "/" + noversion_path
              _base_url = _base_url.replace(parts.path, path)
***************
*** 446,452 ****
          parts = urlparse.urlparse(_base_url)
          if filters.get('api_version', None) is not None:
              path = "/" + filters['api_version']
! noversion_path = "/".join(parts.path.split("/")[2:])
              if noversion_path != "":
                  path += "/" + noversion_path
              _base_url = _base_url.replace(parts.path, path)
--- 447,454 ----
          parts = urlparse.urlparse(_base_url)
          if filters.get('api_version', None) is not None:
              path = "/" + filters['api_version']
! noversion_path = re.sub(r'^/{2,}(.+)', r'/\1', parts.path)
! noversion_path = "/".join(noversion_path.split("/")[2:])
              if noversion_path != "":
                  path += "/" + noversion_path
              _base_url = _base_url.replace(parts.path, path)

note that line 224 in auth.py has a similar approach for handling contiguous slashes

Revision history for this message
Brian Dols (bdols) wrote :

attaching as a potential patch...

Changed in tempest:
assignee: Marian Horban (mhorban) → Sergey Nikitin (snikitin)
Changed in tempest:
assignee: Sergey Nikitin (snikitin) → nobody
Changed in tempest:
assignee: nobody → Sergey Nikitin (snikitin)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tempest (master)

Fix proposed to branch: master
Review: https://review.openstack.org/284621

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tempest (master)

Reviewed: https://review.openstack.org/284621
Committed: https://git.openstack.org/cgit/openstack/tempest/commit/?id=ba67867b1702e15d6e20d2abf429399971660d86
Submitter: Jenkins
Branch: master

commit ba67867b1702e15d6e20d2abf429399971660d86
Author: Sergey Nikitin <email address hidden>
Date: Thu Feb 25 12:55:51 2016 +0300

    Added processing /compute URL for getting list of versions

    After implementing blueprint "Ability to run some Nova services under Apache2"(
    https://blueprints.launchpad.net/nova/+spec/run-nova-services-under-apache2)
    it becomes possible not to use separate ports for each openstack service but
    share 80 port with different URL prefixes.

    Mailing list thread with discussion the details of this feature:
    http://lists.openstack.org/pipermail/openstack-dev/2015-June/067147.html.

    Openstack wiki page with mapping urls to services:
    https://wiki.openstack.org/wiki/URLs.

    If nova-api service is started by Apache (or similar),
    using 'Alias' directive script name contains alias-prefix.
    We get things like: '/ALIAS/NAME/v2', '/ALIAS/NAME/v2.1'
    This change makes sure we compose correct url for getting list of versions.

    Co-Authored-By: Marian Horban <email address hidden>
    Co-Authored-By: Pavel Kholkin <email address hidden>

    Closes-Bug: #1471833

    Change-Id: I2c78e22095975aef777bc62b19d46bcc8fea2d96

Changed in tempest:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tempest 11.0.0

This issue was fixed in the openstack/tempest 11.0.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on tempest-lib (master)

Change abandoned by Ken'ichi Ohmichi (<email address hidden>) on branch: master
Review: https://review.openstack.org/245815
Reason: Sorry, but as Matt said, we are maintaining the code on tempest, not tempest-lib now.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.