yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #07660
[Bug 1231357] Re: Inconsistance between horizon and django_openstack_auth default keystone version
** Tags removed: havana-backport-potential
** Also affects: horizon/havana
Importance: Undecided
Status: New
** Changed in: horizon/havana
Status: New => In Progress
** Changed in: horizon/havana
Importance: Undecided => Medium
** Changed in: horizon/havana
Assignee: (unassigned) => Akihiro Motoki (amotoki)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1231357
Title:
Inconsistance between horizon and django_openstack_auth default
keystone version
Status in OpenStack Dashboard (Horizon):
Fix Committed
Status in OpenStack Dashboard (Horizon) havana series:
In Progress
Bug description:
If one does not set in "local_settings.py":
OPENSTACK_API_VERSIONS = {
"identity": 2.0
}
django_openstack_auth falls back to version 2.0, and horizon to
version 3.
This leads to weird behaviour.
When the keystone API is version 2.0 and that horizon falls back on to using 3 you get this:
- In the dashboard, as admin, add your user to a project.
- Log out and in
- You can select the project
- select the project you are admin on, and go to the admin tab
- remove yourself from the project you added yourself previously.
- Log out and in
- You can still see the project from which you removed yourself but can't select it (it falls back to the one you realy belong to).
- You can still see yourself in the project via the shell command "keystone user-list --tenant <project_id>"
- the "keystone user-role-remove --user <user_id> --tenant <project_id> --role <role_id>" fails with the following message: "Cannot remove role that has not been granted" even though you can list yourself in it with the previous command.
We should have a coherent fall-back version.
The best would be a real detection of the API version and a fall-back if detection fails, but the fall-back should be coherent (same mechanism -> same module).
In order to be DRY (Don't Repeat Yourself), since horizon requires the django_openstack_auth, horizon should e.g. use "openstack_auth.utils.get_keystone_version()" in order to set horizon.openstack_dashboard.keystone.VERSIONS.preferred_version
instead of forcing it to a hard-coded 3, so we should have:
from openstack_auth import utils
VERSIONS = IdentityAPIVersionManager("identity", preferred_version=utils.get_keystone_version())
instead of:
VERSIONS = IdentityAPIVersionManager("identity", preferred_version=3)
but the method to use to have coherent fall-back is open to debate.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1231357/+subscriptions