yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1795851] [NEW] Horizon Provides wrong RC file

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Robert Duncan <rduncan@xxxxxxxx>
Date: Wed, 03 Oct 2018 10:33:36 -0000
Reply-to: Bug 1795851 <1795851@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

The are many ways to authenticate to keystone service saml, openid, ldap, etc. 
each use case has it's own environment variables requirements to make a successful API request.

for example saml2 openrc file needs to contain:


--os-auth-type v3samlpassword 
--os-identity-provider <name of ido in keystone>
--os-identity-provider-url <ECP endpoint>
--os-protocol saml2 
--os-username <federated username>
--os-password 
--os-auth-url http://sp.keystone:5000/v3 
--os-project-name demo 
--os-project-domain-name Default 
--os-identity-api-versione 3 

OIDC, ldap, mellon, k2k - they are all different.

The RC file provided by horizon is wrong, maybe most of the time.
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/api_access/templates/api_access/openrc.sh.template

Since these files are only available to users after they log in, they
should be provided dynamically from keystone service.

** Affects: horizon
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1795851

Title:
  Horizon Provides wrong RC file

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  The are many ways to authenticate to keystone service saml, openid, ldap, etc. 
  each use case has it's own environment variables requirements to make a successful API request.

  for example saml2 openrc file needs to contain:

  
  --os-auth-type v3samlpassword 
  --os-identity-provider <name of ido in keystone>
  --os-identity-provider-url <ECP endpoint>
  --os-protocol saml2 
  --os-username <federated username>
  --os-password 
  --os-auth-url http://sp.keystone:5000/v3 
  --os-project-name demo 
  --os-project-domain-name Default 
  --os-identity-api-versione 3 

  OIDC, ldap, mellon, k2k - they are all different.

  The RC file provided by horizon is wrong, maybe most of the time.
  https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/api_access/templates/api_access/openrc.sh.template

  Since these files are only available to users after they log in, they
  should be provided dynamically from keystone service.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1795851/+subscriptions

Follow ups

[Bug 1795851] Re: Horizon Provides wrong RC file
From: OpenStack Infra, 2019-01-23