← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #07405

[Bug 1261468] [NEW] domain-scoped token has "None" for tenant_id replacement

  Thread PreviousDate PreviousThread Next 
Public bug reported:


When I get a domain-scoped token, I get back a catalog. The catalog contains a bunch of endpoints that aren't valid because the tenant_id replacement has been changed to "None" rather than a valid tenant-id.

Here's an example of the data in the auth request:

{
    "token": {
        "catalog": [
            {
                "endpoints": [
                    {
                        "id": "247c60ab8ce94cac9bd6de51ad3a5da4",
                        "interface": "internal",
                        "legacy_endpoint_id": "677bffa798da42c594fb536f9e549f84", 
                        "region": "RegionOne",
                        "url": "http://192.168.122.176:8774/v2/None";
                    },
                    ...
                ],
                "id": "425a93743a7d46708d55f7f099bf1a07",
                "type": "compute"
            },
            ...
}

The compute endpoint in Keystone is like this:

| 677bffa798da42c594fb536f9e549f84 | RegionOne |
http://192.168.122.176:8774/v2/$(tenant_id)s |
http://192.168.122.176:8774/v2/$(tenant_id)s |
http://192.168.122.176:8774/v2/$(tenant_id)s |
425a93743a7d46708d55f7f099bf1a07 |

So it's replacing "$(tenant_id)s" with "None"

I don't think this is working as designed. What's the point of providing
a bunch of invalid endpoints?

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1261468

Title:
  domain-scoped token has "None" for tenant_id replacement

Status in OpenStack Identity (Keystone):
  New

Bug description:
  
  When I get a domain-scoped token, I get back a catalog. The catalog contains a bunch of endpoints that aren't valid because the tenant_id replacement has been changed to "None" rather than a valid tenant-id.

  Here's an example of the data in the auth request:

  {
      "token": {
          "catalog": [
              {
                  "endpoints": [
                      {
                          "id": "247c60ab8ce94cac9bd6de51ad3a5da4",
                          "interface": "internal",
                          "legacy_endpoint_id": "677bffa798da42c594fb536f9e549f84", 
                          "region": "RegionOne",
                          "url": "http://192.168.122.176:8774/v2/None";
                      },
                      ...
                  ],
                  "id": "425a93743a7d46708d55f7f099bf1a07",
                  "type": "compute"
              },
              ...
  }

  The compute endpoint in Keystone is like this:

  | 677bffa798da42c594fb536f9e549f84 | RegionOne |
  http://192.168.122.176:8774/v2/$(tenant_id)s |
  http://192.168.122.176:8774/v2/$(tenant_id)s |
  http://192.168.122.176:8774/v2/$(tenant_id)s |
  425a93743a7d46708d55f7f099bf1a07 |

  So it's replacing "$(tenant_id)s" with "None"

  I don't think this is working as designed. What's the point of
  providing a bunch of invalid endpoints?

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1261468/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next