Bug 1274858

Summary: PYTHONWARNINGS ignored in keystone
Product: Red Hat OpenStack Reporter: Jon Thomas <jthomas>
Component: python-keystoneclientAssignee: Adam Young <ayoung>
Status: CLOSED WONTFIX QA Contact: yeylon <yeylon>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0 (Kilo)CC: jmelvin, jruzicka, jthomas, nkinder, skinjo, srevivo, yeylon
Target Milestone: ---   
Target Release: 8.0 (Liberty)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-11 19:00:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jon Thomas 2015-10-23 17:11:57 UTC 
install with ssl and you get warnings when running openstack cli. These warnings can be suppressed by setting:

export PYTHONWARNINGS="ignore"

and for some cli, it works:

[stack@osp7dr2 ~]$ source stackrc
[stack@osp7dr2 ~]$ nova list
+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+

But still a warning when using "keystone" command:

[stack@osp7dr2 ~]$ keystone user-list
/usr/lib/python2.7/site-packages/keystoneclient/shell.py:65: DeprecationWarning: The keystone CLI is deprecated in favor of python-openstackclient. For a Python library, continue using python-keystoneclient.
  'python-keystoneclient.', DeprecationWarning)
/usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
+----------------------------------+------------+---------+--------------------------+
|                id                |    name    | enabled |          email           |
+----------------------------------+------------+---------+--------------------------+
| 1df259ce5388436bbc552f084f1887ac |   admin    |   True  |      root@localhost      |
| 3d2e15d1ec7245619ec69fc545121a45 | ceilometer |   True  | email=nobody |
| 8b9016da052a4e9cbc6d65f43e132c82 |   glance   |   True  | email=nobody |
| 8bd69c4718e34c359e3f90df4109e4a9 |    heat    |   True  | email=nobody |
| 4ae93444e0a7456eb21cb9550da3fbc2 |   ironic   |   True  | email=nobody |
| c0b92eebe0e0411c847bfefe4642e6dc |  neutron   |   True  | email=nobody |
| a994c4f90dd44679b71fe061a6ad3ef8 |    nova    |   True  | email=nobody |
| f5a1240849844d52a7e5004a70cde05a |   swift    |   True  | email=nobody |
| bbf7430836d84c759a3dc9e1ef672796 |   tuskar   |   True  | email=nobody |
+----------------------------------+------------+---------+--------------------------+

Keystone difference is due to warnings.resetwarnings() which drops the state of the -W or PYTHONWARNINGS flags. If you comment out warnings.resetwarnings() as below, the work around works with still having the coded Deprecation Warning.

Also, inserting 

warnings.simplefilter('ignore')

after 

warnings.resetwarnings()

will also drop the warnings.

    def __init__(self, parser_class=argparse.ArgumentParser):

        # Since Python 2.7, DeprecationWarning is ignored by default, enable
        # it so that the deprecation message is displayed.
        warnings.simplefilter('once', category=DeprecationWarning)
        warnings.warn(
            'The keystone CLI is deprecated in favor of '
            'python-openstackclient. For a Python library, continue using '
            'python-keystoneclient.', DeprecationWarning)
        # And back to normal!
        #warnings.resetwarnings()
        self.parser_class = parser_class


Unfortunately there doesn't seem to be a method in warnings.py to get the warning filters  in order to save them and reset them. Is there really a need to use resetwarnings()? 

related bz https://bugzilla.redhat.com/show_bug.cgi?id=1242675
Comment 4 Adam Young 2015-11-10 16:42:14 UTC 
There are things you cannot do with the Keystone client:  Groups and Domains are the most valuable and obvious.  While the KC CLI should still run, we should encourage people to move off of it.  This is the upstream approach.


Is there a real need for IGNOREWARNING support, or can said users be migrated to the OpenStack common CLI?
Comment 5 Jeremy 2015-11-13 18:49:17 UTC 
Adam openstack user list has the same warnings. So moving to openstack common cli does not solve the problem.

stack@osp7dr1 ~]$ openstack user list

/usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| d854f3ac241147fa8c84a835ac5ad538 | admin      |
| 30826e60c3c247409f2fe0fd6ca6a19b | ceilometer |
| c9489f2741ef4a489a6df3275d4a6137 | glance     |
| 6726b5be18944e579d0e2e23ddaafe37 | heat       |
| 966dd934b1df4b6eb2b27e8768163a31 | ironic     |
| 4caea16e07384b46b2006cd54bc340e8 | neutron    |
| 524f7a04b1ec47ababce77f4ab280e59 | nova       |
| 14ac635ee6564cc0a956e8dca2b9fc3f | swift      |
| b2c1ee5dfd5340d186a49be31b085788 | tuskar     |
+----------------------------------+------------+
Comment 9 Jon Thomas 2015-12-11 19:00:34 UTC 
yes we can close.