yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #52898
[Bug 1596869] [NEW] APIv3 compatibility broken in Mitaka and Liberty
Public bug reported:
Current API documentation [1] uses the fields "domain": { "id":
"default" }, to select a domain.
This call works in Liberty as you can see in the following snippet:
curl -i -H "Content-Type: application/json" -d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "id": "default" },
"password": "admin"
}
}
},
"scope": {
"project": {
"name": "admin",
"domain": { "id": "default" }
}
}
}
}' http://172.17.0.3:5000/v3/auth/tokens ; echo
HTTP/1.1 201 Created
X-Subject-Token: 8e861d59fb1847a388b27ab7150f2d15
Vary: X-Auth-Token
X-Distribution: Ubuntu
Content-Type: application/json
Content-Length: 2794
X-Openstack-Request-Id: req-2fcb81ac-4adf-4d0d-85f9-41d355c0606d
Date: Tue, 28 Jun 2016 08:59:42 GMT
{"token": {"methods": ["password"], "roles": [{"id":
"b1abb292e4af4ead9a1b62b4a6e39ba4", "name": "__member__"}, {"id":
"f071d23c5131434e8823101f3b8e33db", "name": "admin"}], "expires_at":
"2016-06-28T09:59:42.646127Z", "project": {"domain": {"id": "default",
"name": "Default"}, "id": "890fc0394fe34024b62aab12fb335960", "name":
"admin"}, "catalog": [{"endpoints": [{"region_id": "regionOne", "url":
"http://172.17.0.3:35357/v2.0";, "region": "regionOne", "interface":
"admin", "id": "2f69ed69563c425ab58f4b5eee4ec8aa"}, {"region_id":
"regionOne", "url": "http://172.17.0.3:35357/v2.0";, "region":
"regionOne", "interface": "admin", "id":
"5b52d945507748e3a7000f2868f3cdad"}, {"region_id": "regionOne", "url":
"http://172.17.0.3:5000/v2.0";, "region": "regionOne", "interface":
"public", "id": "bb40e55ed8064a75babfb79ae7dbfc66"}, {"region_id":
"regionOne", "url": "http://172.17.0.3:5000/v2.0";, "region":
"regionOne", "interface": "internal", "id":
"d0b5b26e077a43c6b5bad790964f5fcc"}, {"region_id": "regionOne", "url":
"http://172.17.0.3:5000/v2.0";, "region": "regionOne", "interface":
"internal", "id": "ed802af8f93c4c54b8fc6cb300b7af6a"}, {"region_id":
"regionOne", "url": "http://172.17.0.3:5000/v2.0";, "region":
"regionOne", "interface": "public", "id":
"fd03e9bb9ebb43c896c5f61af88a81f9"}], "type": "identity", "id":
"e1f8d8c7e32d43ff91bb042565f4a3c0", "name": "keystone"}, {"endpoints":
[{"region_id": "regionOne", "url": "http://172.17.0.10:9696";, "region":
"regionOne", "interface": "public", "id":
"1094d0b04baf48da96649944385e8c5a"}, {"region_id": "regionOne", "url":
"http://172.17.0.10:9696";, "region": "regionOne", "interface": "admin",
"id": "877d4a208a85445b9421ce26121e550d"}, {"region_id": "regionOne",
"url": "http://172.17.0.10:9696";, "region": "regionOne", "interface":
"internal", "id": "92179423db2e44b2a86b878c5e616156"}, {"region_id":
"regionOne", "url": "http://172.17.0.10:9696";, "region": "regionOne",
"interface": "public", "id": "99be12d96dc24e3eb96183939f57b9e5"},
{"region_id": "regionOne", "url": "http://172.17.0.10:9696";, "region":
"regionOne", "interface": "admin", "id":
"e48d6c32b4394b5294f946ad812134b4"}, {"region_id": "regionOne", "url":
"http://172.17.0.10:9696";, "region": "regionOne", "interface":
"internal", "id": "fdc2ed6b8e5a45e694dcc0e8b8d1473c"}], "type":
"network", "id": "e58bb334e65a46af8860e811e711f79f", "name": "neutron"},
{"endpoints": [], "type": "identity", "id":
"f84ea2bba03746a3af3c73ddc4b8da74", "name": "keystone"}, {"endpoints":
[], "type": "network", "id": "ea500b49561e441daeeacab5d21c6930", "name":
"neutron"}], "extras": {}, "user": {"domain": {"id": "default", "name":
"Default"}, "id": "d1b7876ff28e4db29296797296daecfe", "name": "admin"},
"audit_ids": ["7p_bhw8tTvqAOjKRpkHE2Q"], "issued_at":
"2016-06-28T08:59:42.646167Z"}}
but it's turned out that in mitaka it fails if you use the id field with
the name of the domain:
curl -i -H "Content-Type: application/json" -d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "id": "default" },
"password": "openstack"
}
}
},
"scope": {
"project": {
"name": "admin",
"domain": { "id": "default" }
}
}
}
}' http://localhost:5000/v3/auth/tokens ; echo
HTTP/1.1 401 Unauthorized
Date: Tue, 28 Jun 2016 09:01:04 GMT
Server: Apache/2.4.7 (Ubuntu)
Vary: X-Auth-Token
X-Distribution: Ubuntu
x-openstack-request-id: req-4898044b-25d4-4b9d-96c4-d823c0107cb0
WWW-Authenticate: Keystone uri="http://localhost:5000";
Content-Length: 114
Content-Type: application/json
{"error": {"message": "The request you have made requires
authentication.", "code": 401, "title": "Unauthorized"}}
in order to work you need to use name instead id:
curl -i -H "Content-Type: application/json" -d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "name": "default" },
"password": "openstack"
}
}
},
"scope": {
"project": {
"name": "admin",
"domain": { "name": "default" }
}
}
}
}' http://localhost:5000/v3/auth/tokens ; echo
TTP/1.1 201 Created
Date: Tue, 28 Jun 2016 09:01:53 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Subject-Token: 0c293d9ceeba4a9f8c1a9edba99a1b11
Vary: X-Auth-Token
X-Distribution: Ubuntu
x-openstack-request-id: req-1a414584-472f-4b87-9981-a838e3df6f4a
Content-Length: 4155
Content-Type: application/json
{"token": {"methods": ["password"], "roles": [{"id":
"444fc66b35834eafb3936dca445b56de", "name": "admin"}], "expires_at":
"2016-06-28T10:01:53.680623Z", "project": {"domain": {"id":
"0a686f9a064c46eda176a8670d2af12e", "name": "default"}, "id":
"7c34e27bfb53415daef0b1696886fec5", "name": "admin"}, "catalog":
[{"endpoints": [{"region_id": "RegionOne", "url":
"http://controller:8004/v1/7c34e27bfb53415daef0b1696886fec5";, "region":
"RegionOne", "interface": "internal", "id":
"206c1110b228400fb1724a1498314c98"}, {"region_id": "RegionOne", "url":
"http://controller:8004/v1/7c34e27bfb53415daef0b1696886fec5";, "region":
"RegionOne", "interface": "admin", "id":
"85998c3e447d486195b8f91ba92a6194"}, {"region_id": "RegionOne", "url":
"http://controller:8004/v1/7c34e27bfb53415daef0b1696886fec5";, "region":
"RegionOne", "interface": "public", "id":
"f2f4cfe888fc49459a956b5a10058805"}], "type": "orchestration", "id":
"188d6ad795d04eaaa6f3f82c2c75d55a", "name": "heat"}, {"endpoints":
[{"region_id": "RegionOne", "url": "http://controller:5000/v3";,
"region": "RegionOne", "interface": "internal", "id":
"b5328f53e495488cbe40c76e715ae67f"}, {"region_id": "RegionOne", "url":
"http://controller:35357/v3";, "region": "RegionOne", "interface":
"admin", "id": "c7380da4c76548b9af42ba1ec3e6eb26"}, {"region_id":
"RegionOne", "url": "http://controller:5000/v3";, "region": "RegionOne",
"interface": "public", "id": "e8f15748b3544c8b972f92f309641d4a"}],
"type": "identity", "id": "7347cd9d3eb547b3b031a25a2a255800", "name":
"keystone"}, {"endpoints": [{"region_id": "RegionOne", "url":
"http://controller:8774/v2.1/7c34e27bfb53415daef0b1696886fec5";,
"region": "RegionOne", "interface": "public", "id":
"75b213bd189b44c6a33942b42f04130e"}, {"region_id": "RegionOne", "url":
"http://controller:8774/v2.1/7c34e27bfb53415daef0b1696886fec5";,
"region": "RegionOne", "interface": "admin", "id":
"bbf214c670c9480285f3989e37439f47"}, {"region_id": "RegionOne", "url":
"http://controller:8774/v2.1/7c34e27bfb53415daef0b1696886fec5";,
"region": "RegionOne", "interface": "internal", "id":
"e134dbff9b97482386e28a44b6300b23"}], "type": "compute", "id":
"940bfd5fabde4e609153ccd5908faa20", "name": "nova"}, {"endpoints":
[{"region_id": "RegionOne", "url": "http://controller:9292";, "region":
"RegionOne", "interface": "public", "id":
"5da83e30ee044e81b0c6a22224908439"}, {"region_id": "RegionOne", "url":
"http://controller:9292";, "region": "RegionOne", "interface":
"internal", "id": "65f0c05876e5415b95de8c7bc0a3d0b6"}, {"region_id":
"RegionOne", "url": "http://controller:9292";, "region": "RegionOne",
"interface": "admin", "id": "a4b6cfb84ecc4968a78f3bd6c5afbf85"}],
"type": "image", "id": "a25419e5648a4d45be9a0520dfc0fd1d", "name":
"glance"}, {"endpoints": [], "type": "midonet", "id":
"c6a6e8e049ad4a089474df40ffb2ae3b", "name": "midonet"}, {"endpoints":
[{"region_id": "RegionOne", "url": "http://controller:9696";, "region":
"RegionOne", "interface": "internal", "id":
"135bc8d30c6f4672afe822c0842c8504"}, {"region_id": "RegionOne", "url":
"http://controller:9696";, "region": "RegionOne", "interface": "admin",
"id": "a759fdcdad3a4d44bc778a1323fc10b5"}, {"region_id": "RegionOne",
"url": "http://controller:9696";, "region": "RegionOne", "interface":
"public", "id": "d567cffb6f2d4b62ae9d0bce28df74a5"}], "type": "network",
"id": "c904320538784d1da0d3fd6ffddf662d", "name": "neutron"},
{"endpoints": [{"region_id": "RegionOne", "url":
"http://controller:8000/v1";, "region": "RegionOne", "interface":
"internal", "id": "3c48d27bf77946e2b0db203a7c5d9ce9"}, {"region_id":
"RegionOne", "url": "http://controller:8000/v1";, "region": "RegionOne",
"interface": "admin", "id": "729d250075de4035bea596967924d050"},
{"region_id": "RegionOne", "url": "http://controller:8000/v1";, "region":
"RegionOne", "interface": "public", "id":
"8f573f4962274120a2f236252da226b5"}], "type": "cloudformation", "id":
"cbd659432f8a4a1fb68a8dd71f3153e3", "name": "heat-cfn"}], "user":
{"domain": {"id": "0a686f9a064c46eda176a8670d2af12e", "name":
"default"}, "id": "bcc79501b12948d1b48540bea231b89c", "name": "admin"},
"audit_ids": ["U-uBxUKqStWW557xSCmgKA"], "issued_at":
"2016-06-28T09:01:53.680711Z"}}
breaking all the compatibility
[1] http://docs.openstack.org/developer/keystone/api_curl_examples.html
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1596869
Title:
APIv3 compatibility broken in Mitaka and Liberty
Status in OpenStack Identity (keystone):
New
Bug description:
Current API documentation [1] uses the fields "domain": { "id":
"default" }, to select a domain.
This call works in Liberty as you can see in the following snippet:
curl -i -H "Content-Type: application/json" -d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "id": "default" },
"password": "admin"
}
}
},
"scope": {
"project": {
"name": "admin",
"domain": { "id": "default" }
}
}
}
}' http://172.17.0.3:5000/v3/auth/tokens ; echo
HTTP/1.1 201 Created
X-Subject-Token: 8e861d59fb1847a388b27ab7150f2d15
Vary: X-Auth-Token
X-Distribution: Ubuntu
Content-Type: application/json
Content-Length: 2794
X-Openstack-Request-Id: req-2fcb81ac-4adf-4d0d-85f9-41d355c0606d
Date: Tue, 28 Jun 2016 08:59:42 GMT
{"token": {"methods": ["password"], "roles": [{"id":
"b1abb292e4af4ead9a1b62b4a6e39ba4", "name": "__member__"}, {"id":
"f071d23c5131434e8823101f3b8e33db", "name": "admin"}], "expires_at":
"2016-06-28T09:59:42.646127Z", "project": {"domain": {"id": "default",
"name": "Default"}, "id": "890fc0394fe34024b62aab12fb335960", "name":
"admin"}, "catalog": [{"endpoints": [{"region_id": "regionOne", "url":
"http://172.17.0.3:35357/v2.0";, "region": "regionOne", "interface":
"admin", "id": "2f69ed69563c425ab58f4b5eee4ec8aa"}, {"region_id":
"regionOne", "url": "http://172.17.0.3:35357/v2.0";, "region":
"regionOne", "interface": "admin", "id":
"5b52d945507748e3a7000f2868f3cdad"}, {"region_id": "regionOne", "url":
"http://172.17.0.3:5000/v2.0";, "region": "regionOne", "interface":
"public", "id": "bb40e55ed8064a75babfb79ae7dbfc66"}, {"region_id":
"regionOne", "url": "http://172.17.0.3:5000/v2.0";, "region":
"regionOne", "interface": "internal", "id":
"d0b5b26e077a43c6b5bad790964f5fcc"}, {"region_id": "regionOne", "url":
"http://172.17.0.3:5000/v2.0";, "region": "regionOne", "interface":
"internal", "id": "ed802af8f93c4c54b8fc6cb300b7af6a"}, {"region_id":
"regionOne", "url": "http://172.17.0.3:5000/v2.0";, "region":
"regionOne", "interface": "public", "id":
"fd03e9bb9ebb43c896c5f61af88a81f9"}], "type": "identity", "id":
"e1f8d8c7e32d43ff91bb042565f4a3c0", "name": "keystone"}, {"endpoints":
[{"region_id": "regionOne", "url": "http://172.17.0.10:9696";,
"region": "regionOne", "interface": "public", "id":
"1094d0b04baf48da96649944385e8c5a"}, {"region_id": "regionOne", "url":
"http://172.17.0.10:9696";, "region": "regionOne", "interface":
"admin", "id": "877d4a208a85445b9421ce26121e550d"}, {"region_id":
"regionOne", "url": "http://172.17.0.10:9696";, "region": "regionOne",
"interface": "internal", "id": "92179423db2e44b2a86b878c5e616156"},
{"region_id": "regionOne", "url": "http://172.17.0.10:9696";, "region":
"regionOne", "interface": "public", "id":
"99be12d96dc24e3eb96183939f57b9e5"}, {"region_id": "regionOne", "url":
"http://172.17.0.10:9696";, "region": "regionOne", "interface":
"admin", "id": "e48d6c32b4394b5294f946ad812134b4"}, {"region_id":
"regionOne", "url": "http://172.17.0.10:9696";, "region": "regionOne",
"interface": "internal", "id": "fdc2ed6b8e5a45e694dcc0e8b8d1473c"}],
"type": "network", "id": "e58bb334e65a46af8860e811e711f79f", "name":
"neutron"}, {"endpoints": [], "type": "identity", "id":
"f84ea2bba03746a3af3c73ddc4b8da74", "name": "keystone"}, {"endpoints":
[], "type": "network", "id": "ea500b49561e441daeeacab5d21c6930",
"name": "neutron"}], "extras": {}, "user": {"domain": {"id":
"default", "name": "Default"}, "id":
"d1b7876ff28e4db29296797296daecfe", "name": "admin"}, "audit_ids":
["7p_bhw8tTvqAOjKRpkHE2Q"], "issued_at":
"2016-06-28T08:59:42.646167Z"}}
but it's turned out that in mitaka it fails if you use the id field
with the name of the domain:
curl -i -H "Content-Type: application/json" -d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "id": "default" },
"password": "openstack"
}
}
},
"scope": {
"project": {
"name": "admin",
"domain": { "id": "default" }
}
}
}
}' http://localhost:5000/v3/auth/tokens ; echo
HTTP/1.1 401 Unauthorized
Date: Tue, 28 Jun 2016 09:01:04 GMT
Server: Apache/2.4.7 (Ubuntu)
Vary: X-Auth-Token
X-Distribution: Ubuntu
x-openstack-request-id: req-4898044b-25d4-4b9d-96c4-d823c0107cb0
WWW-Authenticate: Keystone uri="http://localhost:5000";
Content-Length: 114
Content-Type: application/json
{"error": {"message": "The request you have made requires
authentication.", "code": 401, "title": "Unauthorized"}}
in order to work you need to use name instead id:
curl -i -H "Content-Type: application/json" -d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "name": "default" },
"password": "openstack"
}
}
},
"scope": {
"project": {
"name": "admin",
"domain": { "name": "default" }
}
}
}
}' http://localhost:5000/v3/auth/tokens ; echo
TTP/1.1 201 Created
Date: Tue, 28 Jun 2016 09:01:53 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Subject-Token: 0c293d9ceeba4a9f8c1a9edba99a1b11
Vary: X-Auth-Token
X-Distribution: Ubuntu
x-openstack-request-id: req-1a414584-472f-4b87-9981-a838e3df6f4a
Content-Length: 4155
Content-Type: application/json
{"token": {"methods": ["password"], "roles": [{"id":
"444fc66b35834eafb3936dca445b56de", "name": "admin"}], "expires_at":
"2016-06-28T10:01:53.680623Z", "project": {"domain": {"id":
"0a686f9a064c46eda176a8670d2af12e", "name": "default"}, "id":
"7c34e27bfb53415daef0b1696886fec5", "name": "admin"}, "catalog":
[{"endpoints": [{"region_id": "RegionOne", "url":
"http://controller:8004/v1/7c34e27bfb53415daef0b1696886fec5";,
"region": "RegionOne", "interface": "internal", "id":
"206c1110b228400fb1724a1498314c98"}, {"region_id": "RegionOne", "url":
"http://controller:8004/v1/7c34e27bfb53415daef0b1696886fec5";,
"region": "RegionOne", "interface": "admin", "id":
"85998c3e447d486195b8f91ba92a6194"}, {"region_id": "RegionOne", "url":
"http://controller:8004/v1/7c34e27bfb53415daef0b1696886fec5";,
"region": "RegionOne", "interface": "public", "id":
"f2f4cfe888fc49459a956b5a10058805"}], "type": "orchestration", "id":
"188d6ad795d04eaaa6f3f82c2c75d55a", "name": "heat"}, {"endpoints":
[{"region_id": "RegionOne", "url": "http://controller:5000/v3";,
"region": "RegionOne", "interface": "internal", "id":
"b5328f53e495488cbe40c76e715ae67f"}, {"region_id": "RegionOne", "url":
"http://controller:35357/v3";, "region": "RegionOne", "interface":
"admin", "id": "c7380da4c76548b9af42ba1ec3e6eb26"}, {"region_id":
"RegionOne", "url": "http://controller:5000/v3";, "region":
"RegionOne", "interface": "public", "id":
"e8f15748b3544c8b972f92f309641d4a"}], "type": "identity", "id":
"7347cd9d3eb547b3b031a25a2a255800", "name": "keystone"}, {"endpoints":
[{"region_id": "RegionOne", "url":
"http://controller:8774/v2.1/7c34e27bfb53415daef0b1696886fec5";,
"region": "RegionOne", "interface": "public", "id":
"75b213bd189b44c6a33942b42f04130e"}, {"region_id": "RegionOne", "url":
"http://controller:8774/v2.1/7c34e27bfb53415daef0b1696886fec5";,
"region": "RegionOne", "interface": "admin", "id":
"bbf214c670c9480285f3989e37439f47"}, {"region_id": "RegionOne", "url":
"http://controller:8774/v2.1/7c34e27bfb53415daef0b1696886fec5";,
"region": "RegionOne", "interface": "internal", "id":
"e134dbff9b97482386e28a44b6300b23"}], "type": "compute", "id":
"940bfd5fabde4e609153ccd5908faa20", "name": "nova"}, {"endpoints":
[{"region_id": "RegionOne", "url": "http://controller:9292";, "region":
"RegionOne", "interface": "public", "id":
"5da83e30ee044e81b0c6a22224908439"}, {"region_id": "RegionOne", "url":
"http://controller:9292";, "region": "RegionOne", "interface":
"internal", "id": "65f0c05876e5415b95de8c7bc0a3d0b6"}, {"region_id":
"RegionOne", "url": "http://controller:9292";, "region": "RegionOne",
"interface": "admin", "id": "a4b6cfb84ecc4968a78f3bd6c5afbf85"}],
"type": "image", "id": "a25419e5648a4d45be9a0520dfc0fd1d", "name":
"glance"}, {"endpoints": [], "type": "midonet", "id":
"c6a6e8e049ad4a089474df40ffb2ae3b", "name": "midonet"}, {"endpoints":
[{"region_id": "RegionOne", "url": "http://controller:9696";, "region":
"RegionOne", "interface": "internal", "id":
"135bc8d30c6f4672afe822c0842c8504"}, {"region_id": "RegionOne", "url":
"http://controller:9696";, "region": "RegionOne", "interface": "admin",
"id": "a759fdcdad3a4d44bc778a1323fc10b5"}, {"region_id": "RegionOne",
"url": "http://controller:9696";, "region": "RegionOne", "interface":
"public", "id": "d567cffb6f2d4b62ae9d0bce28df74a5"}], "type":
"network", "id": "c904320538784d1da0d3fd6ffddf662d", "name":
"neutron"}, {"endpoints": [{"region_id": "RegionOne", "url":
"http://controller:8000/v1";, "region": "RegionOne", "interface":
"internal", "id": "3c48d27bf77946e2b0db203a7c5d9ce9"}, {"region_id":
"RegionOne", "url": "http://controller:8000/v1";, "region":
"RegionOne", "interface": "admin", "id":
"729d250075de4035bea596967924d050"}, {"region_id": "RegionOne", "url":
"http://controller:8000/v1";, "region": "RegionOne", "interface":
"public", "id": "8f573f4962274120a2f236252da226b5"}], "type":
"cloudformation", "id": "cbd659432f8a4a1fb68a8dd71f3153e3", "name":
"heat-cfn"}], "user": {"domain": {"id":
"0a686f9a064c46eda176a8670d2af12e", "name": "default"}, "id":
"bcc79501b12948d1b48540bea231b89c", "name": "admin"}, "audit_ids":
["U-uBxUKqStWW557xSCmgKA"], "issued_at":
"2016-06-28T09:01:53.680711Z"}}
breaking all the compatibility
[1]
http://docs.openstack.org/developer/keystone/api_curl_examples.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1596869/+subscriptions
Follow ups
