Bug 1035277

Summary: python-heatclient doesn't handle token-only auth properly
Product: [Community] RDO Reporter: Steven Dake <sdake>
Component: python-heatclientAssignee: Jakub Ruzicka <jruzicka>
Status: CLOSED UPSTREAM QA Contact: Shai Revivo <srevivo>
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: jpeeler, jruzicka, sdake, shardy, yeylon, zbitter
Target Milestone: ---Keywords: OtherQA
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-heatclient-0.2.6-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1035199 Environment:
Last Closed: 2014-02-12 22:30:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1035199    

Description Steven Dake 2013-11-27 12:42:26 UTC 
+++ This bug was initially created as a clone of Bug #1035199 +++

Description of problem:
I did some testing and found a number of issues related to token-only auth via python-heatclient:

Upstream bug has details:

https://bugs.launchpad.net/python-heatclient/+bug/1252248

Patches proposed but not yet merged:
https://review.openstack.org/#/q/status:open+project:openstack/python-heatclient+branch:master+topic:bug/1252248_2,n,z

The heat API aspects discussed under bz #989681 all seem to work OK AFAICT, the issues were only in the client code, so we need to track getting the necessary fixes into an upstream python-heatclient release, then sync that into RDO and RHOS.

Version-Release number of selected component (if applicable):
python-heatclient-0.2.5-1

How reproducible:
Always

Steps to Reproduce:
1. heat --os-auth-url http://127.0.0.1:35357/v2.0/ --os-auth-token <a keystone token> --os-tenant-id <tenant ID> stack-list
2. heat --os-no-client-auth --heat-url http://127.0.0.1:8004/v1/<tenant ID> --os-auth-token <a token> stack-list


Actual results:
Both of the above should work, but don't

Expected results:
Authentication against a Heat service should work with an existing keystone token.

Additional info:
To validate this, we should ensure that the CLI interfaces above work, and also the corresponding environment variable interfaces to the same options, e.g:

OS_AUTH_URL, OS_AUTH_TOKEN, OS_TENANT_ID for example (1) above, and
OS_NO_CLIENT_AUTH, OS_AUTH_TOKEN, HEAT_URL for example (2)

--- Additional comment from RHEL Product and Program Management on 2013-11-27 04:54:07 EST ---

Since this issue was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 1 Steven Dake 2013-12-05 17:58:22 UTC 
should be handled by a rebase to 1.2.6.
Comment 2 Jakub Ruzicka 2013-12-10 13:14:53 UTC 
python-heatclient 0.2.6 is now available in RDO.