yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #75069
[Bug 1795851] [NEW] Horizon Provides wrong RC file
Public bug reported:
The are many ways to authenticate to keystone service saml, openid, ldap, etc.
each use case has it's own environment variables requirements to make a successful API request.
for example saml2 openrc file needs to contain:
--os-auth-type v3samlpassword
--os-identity-provider <name of ido in keystone>
--os-identity-provider-url <ECP endpoint>
--os-protocol saml2
--os-username <federated username>
--os-password
--os-auth-url http://sp.keystone:5000/v3
--os-project-name demo
--os-project-domain-name Default
--os-identity-api-versione 3
OIDC, ldap, mellon, k2k - they are all different.
The RC file provided by horizon is wrong, maybe most of the time.
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/api_access/templates/api_access/openrc.sh.template
Since these files are only available to users after they log in, they
should be provided dynamically from keystone service.
** Affects: horizon
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1795851
Title:
Horizon Provides wrong RC file
Status in OpenStack Dashboard (Horizon):
New
Bug description:
The are many ways to authenticate to keystone service saml, openid, ldap, etc.
each use case has it's own environment variables requirements to make a successful API request.
for example saml2 openrc file needs to contain:
--os-auth-type v3samlpassword
--os-identity-provider <name of ido in keystone>
--os-identity-provider-url <ECP endpoint>
--os-protocol saml2
--os-username <federated username>
--os-password
--os-auth-url http://sp.keystone:5000/v3
--os-project-name demo
--os-project-domain-name Default
--os-identity-api-versione 3
OIDC, ldap, mellon, k2k - they are all different.
The RC file provided by horizon is wrong, maybe most of the time.
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/api_access/templates/api_access/openrc.sh.template
Since these files are only available to users after they log in, they
should be provided dynamically from keystone service.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1795851/+subscriptions
Follow ups