← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #43493

[Bug 1506825] Re: Inside multi (Keystone) endpoint environment Horizon logs into incorrect region

  Thread PreviousDate PreviousThread Next 
I've discussed use case B with our Keystone team and seems that it's
impossible to support such a use case in Keystone until Federation is
fully implemented. (Or at least implement it w/o severe security
implications related to token revocation). Since this use case was the
main reason of implementing the Horizon support, I'm changing this to
Won't Fix for now.

** Changed in: horizon
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1506825

Title:
  Inside multi (Keystone) endpoint environment Horizon logs into
  incorrect region

Status in OpenStack Dashboard (Horizon):
  Won't Fix

Bug description:
  A. Consider a Horizon setup which knows about 2 Keystone endpoints
  (setting AVAILABLE_REGIONS, I'm refraining from using it because it'll
  change in future, see bug 1494251). And each of these Keystone
  endpoints has 2 service region within it, but these service regions a
  different, for example RegionOne and RegionTwo in Keystone1 and
  RegionNorth and RegionSouth in Keystone2. Currently last service
  region selected is stored in cookies, that means that if User first
  selects RegionSouth in Keystone2, then signs out and logs in into
  Keystone1 where he by default placed into RegionOne (effectively
  saving this new region in cookies), then, he returns back to Keystone2
  his RegionSouth choice is lost.

  B. Another specific setup with multi-endpoint Keystone is when within
  Keystone1 Region1 is the own Keystone1 cloud and Region2 are the
  resources of the Keystone2 own cloud, and for Keystone2 situation is
  the same - Region1 are foreign resources, Region2 are local ones. In
  that case most deployers would like to default to Region1 when logging
  into Keystone1 endpoint and default to Region2 when logging into
  Keystone2 endpoint.

  The proposed solution is to 
  * make a default selection of a service region based on the endpoint User is logging in (fixes B)
  * save last service region in a per-endpoint cookie (fixes A)

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1506825/+subscriptions

References

  Thread PreviousDate PreviousThread Next