← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #12249

[Bug 1273867] Re: Keystone API v3 lists disabled endpoints and services in catalog

  Thread PreviousDate PreviousThread Next 
** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1273867

Title:
  Keystone API v3 lists disabled endpoints and services in catalog

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  When endpoint or service has "enabled" attribute set to "False", it is
  still listed in catalog (`keystone catalog` command and/or in catalog
  part of token.

  Create testing service (simplifies output later):
  > localhost:5000
  > POST /v3/services
  > '{"service":{"name":"My svc","type":"testing"}}'
  response:
  > {'service': {'id': '<SERVICE-ID>',
  >              'links': {'self': 'http://localhost:5000/v3/services/<SERVICE-ID>'},
  >              'name': 'My svc',
  >              'type': 'testing'}}

  Create disabled endpoint:
  > localhost:5000
  > POST /v3/endpoints
  > '{"endpoint":{
  >    "enabled":false,
  >    "name":"My disabled",
  >    "interface":"public",
  >    "url":"disabled_URL",
  >    "service_id":"<SERVICE-ID>"}}'
  response:
  > {'endpoint': {'enabled': False,
  >               'id': '<ENDPOINT-ID>',
  >               'interface': 'public',
  >               'links': {'self': 'http://localhost:5000/v3/endpoints/<ENDPOINT-ID>'},
  >               'name': 'My disabled',
  >               'region': None,
  >               'service_id': '<SERVICE-ID>',
  >               'url': 'disabled_URL'}}

  Now request token and see that it's catalog/endpoints part contains:
  > localhost:5000
  > POST /v3/auth/tokens
  > '{"auth":{
  >  "identity":
  >    {"methods":["password"],
  >     "password":{
  >       "user":{"name":"admin","domain":{"id":"default"},"password":"pass"}}},
  >  "scope":{"project":{"name":"admin","domain":{"id":"default"}}}}}
  snippet of response:
  > {'token': {'catalog': [
  > ...
  >   {'endpoints': [{'enabled': False,
  >                  'id': '<ENDPOINT-ID>',
  >                  'interface': 'public',
  >                  'legacy_endpoint_id': None,
  >                  'name': 'My disabled',
  >                  'region': None,
  >                  'url': 'disabled_URL'}],
  >    'id': '<SERVICE-ID>',
  >    'type': 'testing'},
  > ...

  Also it gets listed in response of `keystone catalog` (API v2):
  > # keystone catalog --service testing
  > Service: testing
  > +-----------+----------------------------------+
  > |  Property |              Value               |
  > +-----------+----------------------------------+
  > |     id    |        <ENDPOINT-ID>             |
  > | publicURL |        disabled_URL              |
  > |   region  |                                  |
  > +-----------+----------------------------------+

  The same example applies to Service with enabled=false.

  See https://github.com/openstack/identity-api/blob/master/openstack-
  identity-api/src/markdown/identity-api-v3.md#endpoints-v3endpoints for
  description of enabled attribute for Endpoint.

  And https://github.com/openstack/identity-api/blob/master/openstack-
  identity-api/src/markdown/identity-api-v3.md#services-v3services for
  description of Service.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1273867/+subscriptions

References

  Thread PreviousDate PreviousThread Next