Bug 1828843 - Keystone client fails to use application credentials if AUTH_URL has no "v3" suffix
Summary: Keystone client fails to use application credentials if AUTH_URL has no "v3" ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-keystoneauth1
Version: 16.0 (Train)
Hardware: All
OS: All
medium
medium
Target Milestone: z2
: 16.1 (Train on RHEL 8.2)
Assignee: Lance Bragstad
QA Contact: Jeremy Agee
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-28 13:22 UTC by Alex Stupnikov
Modified: 2023-12-15 17:50 UTC (History)
7 users (show)

Fixed In Version: python-keystoneauth1-3.17.3-0.20200714091827.7d7b956.el8ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-28 15:37:32 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1876317 0 None None None 2020-05-01 17:02:06 UTC
OpenStack gerrit 731520 0 None MERGED Inject /v3 in token path for v3 plugins 2020-10-28 10:56:55 UTC
OpenStack gerrit 738948 0 None MERGED Release keystoneauth 3.17.3 2020-10-28 10:56:55 UTC
Red Hat Issue Tracker OSP-929 0 None None None 2023-12-15 17:50:43 UTC
Red Hat Knowledge Base (Solution) 5042291 0 None None None 2020-05-01 10:25:26 UTC
Red Hat Product Errata RHEA-2020:4284 0 None None None 2020-10-28 15:38:12 UTC

Description Alex Stupnikov 2020-04-28 13:22:55 UTC
Description of problem:

HTTP 404 error is returned for every keystone call if AUTH_URL has no "v3" suffix and application credentials are used.

I am not questioning the fact that application credentials only work for keystone v3 endpoints, but we also should keep in mind that Horizon generates RC files without this suffix.

I would like to ask to tell keystoneclient to parse available API endpoints first and then fail if proper one is not found.

https://docs.openstack.org/keystoneauth/latest/authentication-plugins.html#application-credentials


How reproducible:
Use auth_url without "v3" suffix

Actual results:
HTTP 404

Expected results:
Client parses available endpoints and using correct one

Comment 14 errata-xmlrpc 2020-10-28 15:37:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:4284


Note You need to log in before you can comment on or make changes to this bug.