yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #61036
[Bug 1654183] Re: Token based authentication in Client class does not work
7.1.0 should fix an issue with horizon.
** Changed in: horizon
Status: New => Incomplete
** Changed in: horizon
Status: Incomplete => Invalid
** Changed in: trove
Status: New => Fix Released
** Changed in: trove
Assignee: (unassigned) => Andrey Kurilin (andreykurilin)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1654183
Title:
Token based authentication in Client class does not work
Status in OpenStack Dashboard (Horizon):
Invalid
Status in python-novaclient:
Fix Released
Status in tripleo:
In Progress
Status in OpenStack DBaaS (Trove):
Fix Released
Bug description:
With newly released novaclient (7.0.0) it seems that token base
authentication does not work in novaclient.client.Clinet.
I have get back the following response from Nova server:
Malformed request URL: URL's project_id
'e0beb44615f34d54b8a9a9203a3e5a1c' doesn't match Context's project_id
'None' (HTTP 400)
I just created the Nova client in following way:
Client(
2,
endpoint_type="public",
service_type='compute',
auth_token=auth_token,
tenant_id="devel",
region_name="RegionOne",
auth_url=keystone_url,
insecure=True,
endpoint_override=nova_endpoint #https://.../v2/e0beb44615f34d54b8a9a9203a3e5a1c
)
After it nova client performs a new token based authentication without
project_id (tenant_id) and it causes that the new token does not
belong to any project. Anyway if we have a token already why
novaclient requests a new one from keystone? (Other clients like Heat
and Neutron for example does not requests any token from keystone if
it is already provided for client class)
The bug is introduced by follwoig commit:
https://github.com/openstack/python-novaclient/commit/8409e006c5f362922baae9470f14c12e0443dd70
+ if not auth and auth_token:
+ auth = identity.Token(auth_url=auth_url,
+ token=auth_token)
When project_id is also passed into Token authentication than
everything works fine. So newly requested token belongs to right
project/tenant.
Note: Originally this problem appears in Mistral project of OpenStack,
which is using the client classes directly from their actions with
token based authentication.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1654183/+subscriptions