← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #75444

[Bug 1687593] Re: Create OAUTH request token gives 401 error when request url is admin endpoint

  Thread PreviousDate PreviousThread Next 
** Changed in: python-keystoneclient
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1687593

Title:
  Create OAUTH request token gives 401 error when request url is admin
  endpoint

Status in OpenStack Identity (keystone):
  Fix Committed
Status in OpenStack Identity (keystone) newton series:
  Won't Fix
Status in OpenStack Identity (keystone) ocata series:
  Won't Fix
Status in python-keystoneclient:
  Won't Fix

Bug description:
  Create request token API returns 401 error when the request URL is
  admin endpoint.

  Error scenario:
  URL used to generate OAUTH signature and for POST request is Keystone admin endpoint
  http://<keystone ip:port>/identity_admin/v3/OS-OAUTH1/request_token

  Working scenario:
  When the URL used to generate OAUTH signature is public endpoint, then the response is 201. 
  http://<keystone ip:port>/identity/v3/OS-OAUTH1/request_token

  Endpoints in devstack for identity:
  ocata@ocata-VirtualBox:~/devstack$ openstack endpoint list | grep identity
  | 549f73e17b0e471e95176bb508561bb3 | RegionOne | keystone     | identity          | True    | internal  | http://192.168.56.101/identity                    |
  | 739cda51666f4ab197241beac5c5c14c | RegionOne | keystone     | identity          | True    | admin     | http://192.168.56.101/identity_admin              |
  | a0eb39c0ecff46c3b61bc6184c42bc13 | RegionOne | keystone     | identity          | True    | public    | http://192.168.56.101/identity

  
  Steps to reproduce the problem:

  Run the python script in the below link (by changing the necessary credentials and IP address)
  https://pastebin.com/AqL9674n

  If #L38 is modified to public endpoint (http://<keystone
  ip:port>/identity/v3/OS-OAUTH1/request_token), the status code is 201.

  Seems like Keystone code verifies the OAUTH signature using Public
  endpoint irrespective of the request URL.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1687593/+subscriptions

References

  Thread PreviousDate PreviousThread Next